Application Security Engineer
ControlUp is the market leader in IT Monitoring, Self-healing and Analyzing virtual environments, creating solutions that save IT organizations time, money, and stress.

Join us in this critical role helping to secure ControlUp's intellectual property, networks, and sensitive data against a variety of complex threats. Your application layer security expertise will help drive our program, continually maturing our SSDLC processes and policies with full support from senior leadership. You will collaborate closely with ControlUp’s R&D, DevOps, and IT teams to build security into our applications, perform application-layer security testing, and assist developers with vulnerability remediation. Bring your knowledge and leadership to ControlUp and make a real difference every day!

Responsibilities
· Research and discover Zero-Days and conduct POCs in ControlUp’s products.
· Analyze application vulnerabilities and verify their characteristics and associated components.
· Provide security guidance on a constant stream of new products and technologies.
· Collaborate with engineering and conduct regular security assessments.
· Develop functional security testing scripts and procedures and identify opportunities to automate security testing and processes.
· Train and educate developers and teams in secure coding techniques, including the use of supporting toolsets.
· Improve and support application security tool deployments, including static analysis and runtime testing tools.

Requirements
· Proven experience in application penetration testing and/or certifications such as OSCP / OSCE - Must!
· In-depth understanding of programming languages (e.g. .NET, Python, Java, etc.) - Must!
· Ability to develop scripts (Python, Bash, etc.) in order to automate attacks - Must!
· Experience in security research, including an understanding of application security attacks, vulnerabilities and mitigations - Must!
· In-depth, hands-on technical knowledge of IT/DevOps systems and technologies - Knowledge of networking and internet protocols and Windows/Linux internals - Must!
· Experience with static code analysis and fuzzing tools.
· Experience working with and understanding AWS, Terraform, Containers, EDR, APIs, etc.
· Experience with and knowledge of relevant methodologies for conducting resilience tests, such as OWASP, for identifying weaknesses in web-based systems.
· Proven experience in SDLC frameworks and standards.
· Ability to explain complex security problems.

Nice to have
· Knowledge of encryption methods and protocols.
· Experience with Reverse Engineering.
· Familiarity with information security in the infrastructure world (hardening Microsoft / Linux operating systems, communication components, database, etc.).
· Familiarity with information security products and relevant tools (WAF, FW, IPS, NAC, DLP, surfing filtering, etc.).
· Handle complex cases escalated from other teams.
Job tags: AWS, Code analysis, DevOps, Encryption, IPS, Java, Linux, OSCE, OSCP, Penetration testing, POCs, Python, Security assessments, Vulnerabilities, Windows
Job region(s): Middle East