Application Security Engineer - Bay Area, CA / Pittsburgh, PA / NYC, NY

Fremont, CA - USA

Applications have closed

Application Security Engineer (New York or San Francisco Bay Area)

We're looking for a full-time Application Security Engineer to help us secure Ivalua’s platform. This includes automated and manual security testing to identify and analyze vulnerabilities, orchestrate remediation plans and track the vulnerability remediation progress via reports and dashboards. Additionally, the Application Security Engineer will participate in the deployment and continuous improvement of the Secure Architecture & Software Development program for keeping Ivalua’s platform secure.

Key Responsibilities:

  • Assess Ivalua’s platform security through threat modeling, security code reviews, automated and manual penetration testing and provide guidance on effective countermeasures
  • Build, review, deploy, utilize and maintain security tools including SAST/DAST/SCA and other security solutions to identify and report security vulnerabilities to the engineering / development teams
  • Analyze, evaluate, report, and track vulnerabilities reported through customer, internal or external audits and provide input and guidance on the development of remediation plans and strategies to fix the reported vulnerabilities in a manner consistent with Ivalua standards
  • Collaborate with engineering / development teams to enhance security throughout the development lifecycle to incorporate / improve effective security standards and controls into product design and adopt shift-security-to-left practices
  • Act as the SME on application security, stay apprised of new security vulnerabilities, threats, risks, attack tools and techniques, and deliver security training and documentation on the Security Development Lifecycle to engineering / development teams
  • Review, improve and help automate the application security processes and activities such as vulnerability reviews and testing activities including those within the CI/CD pipelines
  • Manage and prioritize multiple tasks in accordance with high level objectives

Specialized Knowledge & Skills:

  • 2+ years hands-on technical expertise in Application Security, automation, integration, and deployment (DevSecOps)
  • 3+ years expertise in performing various technical security audits in web applications (penetration tests, security code reviews)
  • Coding experience in scripting & programming languages (such as Python, C#, .NET, JavaScript, SQL)
  • Experience with the most common security tools (BurpSuite, SQLMap, Hydra etc.)
  • Experience implementing, managing, and supporting a vulnerability management program (process and technology)
  • Experience and knowledge of implementing or operating a DevSecOps ecosystem, a solid understanding of Dynamic and Static Application Security Testing (DAST & SAST), and infrastructure automation/development utilizing APIs
  • Experience working with threat modeling (e.g., STRIDE, PASTA, FAIR, Security Cards) and vulnerability frameworks and standards (e.g., OWASP, CVSS, CWE), with a good understanding of the Cyber Kill Chain and pervasive threat attack methods and remediation
  • Experience using Agile software development
  • Understanding of global frameworks and standards like NIST, ISO 27001/27002/27017/27018, SANS CIS 20, PCI DSS etc.
  • An Information Security qualification, or evidence of starting to work towards one (e.g., CISSP, OSCP, Azure-500, GPEN or similar certification), is preferred but not required
  • Ability to handle multiple tasks, prioritize and meet deadlines

Check out our video and find out Who We Are! Join Ivalua today and procure a great future for your career!

Ivalua’s core values include a priority on Care & Grow People. We take matters like pay equity very seriously and strive to reward our employees appropriately and fairly for their talents.

The compensation range for this position is based upon careful and continual market compensation research. In addition to location, compensation may also vary based upon job-related knowledge, skills, and experience.

Title: Application Security Engineer

Range minimum: Base $98,000

Range maximum: Base $182,000

Additional compensation / rewards: Ivalua offers an annual target bonus for this position conditional on individual and company performance. Other compensation factors may also be considered. Ivalua also offers exceptional benefits including medical, dental, vision, retirement (with company match), and much more.

Tags: Agile APIs Application security Audits Automation Azure Burp Suite C CI/CD CISSP CVSS Cyber Kill Chain DAST DevSecOps GPEN ISO 27001 JavaScript NIST OSCP OWASP PCI DSS Pentesting Python SANS SAST Scripting SQL Vulnerabilities Vulnerability management

Perks/benefits: Career development Equity Health care Salary bonus

Region: North America
Country: United States