Application Security Engineer - Bay Area, CA / Pittsburgh, PA / NYC, NY
Fremont, CA - USA
Application Security Engineer (New York or San Francisco Bay Area)
We're looking for a full-time Application Security Engineer to help us secure Ivalua’s platform. This includes performing automated and manual security testing to identify and analyze vulnerabilities, orchestrating remediation plans, and tracking vulnerability remediation progress via reports and dashboards. Additionally, the Application Security Engineer will participate in the deployment and continuous improvement of the Secure Architecture & Software Development program for keeping Ivalua’s platform secure.
Key Responsibilities:
- Assess Ivalua’s platform security through threat modeling, security code reviews, automated and manual penetration testing and provide guidance on effective countermeasures
- Build, review, deploy, utilize and maintain security tools including SAST/DAST/SCA and other security solutions to identify and report security vulnerabilities to the engineering / development teams
- Analyze, evaluate, report, and track vulnerabilities reported through customer, internal or external audits and provide input and guidance on the development of remediation plans and strategies to fix the reported vulnerabilities in a manner consistent with Ivalua standards
- Collaborate with engineering / development teams to enhance security throughout the development lifecycle, incorporate / improve effective security standards and controls in product design, and adopt shift-left security practices
- Act as the SME on application security, stay apprised of new security vulnerabilities, threats, risks, attack tools and techniques, and deliver security training and documentation on the Security Development Lifecycle to engineering / development teams
- Review, improve and help automate the application security processes and activities such as vulnerability reviews and testing activities including those within the CI/CD pipelines
- Manage and prioritize multiple tasks in accordance with high level objectives
Specialized Knowledge & Skills:
- 2+ years hands-on technical expertise in Application Security, automation, integration, and deployment (DevSecOps)
- 3+ years expertise in performing various technical security audits in web applications (penetration tests, security code reviews)
- Coding experience in scripting & programming languages (such as Python, C#, .NET, JavaScript, SQL)
- Experience with the most common security tools (BurpSuite, SQLMap, Hydra etc.)
- Experience implementing, managing, and supporting a vulnerability management program (process and technology)
- Experience and knowledge of implementing or operating a DevSecOps ecosystem, and a good understanding of Dynamic and Static Application Security Testing (DAST & SAST) and infrastructure automation/development utilizing APIs
- Experience working with threat modeling (e.g., STRIDE, PASTA, FAIR, Security Cards) and vulnerability frameworks and standards (e.g., OWASP, CVSS, CWE), with a good understanding of the Cyber Kill Chain and pervasive threat attack methods and remediation
- Experience using Agile software development
- Understanding of global frameworks and standards like NIST, ISO 27001/27002/27017/27018, SANS CIS 20, PCI DSS etc.
- An Information Security qualification, or evidence of starting to work towards one (e.g., CISSP, OSCP, Azure-500, GPEN or similar certification), is preferred but not required
- Ability to handle multiple tasks, prioritize and meet deadlines
Ivalua’s core values include a priority on Care & Grow People. We take matters like pay equity very seriously and strive to reward our employees appropriately and fairly for their talents.
The compensation range for this position is based upon careful and continual market compensation research. In addition to location, compensation may also vary based upon job-related knowledge, skills, and experience.
Title: Application Security Engineer
Range minimum: Base $98,000
Range maximum: Base $182,000
Additional compensation / rewards: Ivalua offers an annual target bonus for this position conditional on individual and company performance. Other compensation factors may also be considered. Ivalua also offers exceptional benefits including medical, dental, vision, retirement (with company match), and much more.
Tags: Agile APIs Application security Audits Automation Azure Burp Suite C CI/CD CISSP CVSS Cyber Kill Chain DAST DevSecOps GPEN ISO 27001 JavaScript NIST OSCP OWASP PCI DSS Pentesting Python SANS SAST Scripting SQL Vulnerabilities Vulnerability management
Perks/benefits: Career development Equity Health care Salary bonus