Application Security Engineer

What You'll Do

• Develop multi-year roadmaps to solve complex security challenges company wide.
• Design, build and deploy automation to scale the discovery of security bugs across all company apps and services.
• Identify novel attacks and security weaknesses in company-owned assets; automate their discovery using state-of-the-art techniques, methods, and tools.
• Provide security guidance to application and service owners to remediate known security vulnerabilities.
• Mentor junior engineers.

Requirements

Basic Qualifications:

• 3+ years of experience with Java, Python, .NET, or C#
• 3+ years of experience with using the design and implementation of enterprise-wide security controls to secure applications, systems, network, or infrastructure services
• 3+ years of experience with supporting Veracode Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and IDE Plug-in environments
• Experience with Eclipse, JDeveloper, including pipeline development, or Visual Studio
• Experience with securing enterprise web applications and OWASP Top 10, CVSS, CWE, WASC, and SANS-25
• Knowledge of web protocols and a command line tool
• Knowledge of federal compliance standards, including NIST 800-53, FIPS, or FedRAMP
• Knowledge of Linux or UNIX environments, including navigating and troubleshooting basic website connectivity issues

Additional Qualifications:

• Experience with the SecurityCompass SDElements security requirements tool
• Experience with Interactive Application Security Testing (IAST) capabilities and tools
• Experience with OWASP ZAP or Burp Proxy

Benefits

• Health Care Plan (Medical, Dental & Vision)
• Retirement Plan (401k, IRA)
• Life Insurance (Basic, Voluntary & AD&D)
• Paid Time Off (Vacation, Sick & Public Holidays)
• Training & Development