Application Security Engineer
Dulles, VA, United States
ATPCOATPCO is the airline industry’s primary source for airline merchandising and pricing data.
ATPCO is the foundation of flight shopping, providing pricing and retailing data, tools, and services to 500+ airlines, global distribution systems, sales channels, and technology companies. ATPCO links the entire airline community together, collaborating to develop industry standards for airline distribution and end-to-end technology solutions. From shopping to settlement, ATPCO solutions work seamlessly across existing, new, and evolving technologies and methods. Airline-owned and reliably supporting air travel for more than 55 years, ATPCO is everywhere people buy flights.
Employees are eligible for our benefits package including employer matched 401(k), group health insurance and wellness programs, paid time off, tuition reimbursement, standby flight program and employee collaborated work and life standards.
We consider qualified applicants for employment without regard to race, gender, age, color, religion, national origin, citizenship status, marital status, disability, sexual orientation, protected military/veteran status, gender identity or expression, genetic information, marital status, medical condition, or any other legally protected factor.
The InfoSec team is responsible for finding and solving the biggest security risks facing our applications and infrastructure. As an engineering team ourselves, we do this by building paved roads and guardrails. We believe that the secure option should also be the easiest option for our users. We’re looking for a strong Engineer with a deep understanding of securing applications in a Cloud-native world to help us execute this vision.
- Develop automated security testing for centralized security libraries which scale directly with developer needs and enable them to write secure code more easily.
- Have significant ownership in and evangelize security training with development teams.
- Drive initiatives which scale application security and holistically address application vulnerabilities.
- Be able to review code in context and defend findings.
- Support and consult with product and development teams in application security, including threat modeling and AppSec reviews.
- Assist teams in reproducing, triaging, and remediating application security vulnerabilities.
- Assist in development of security processes and automated tooling that prevent classes of security issues.
- With a focus on AWS, build the application specific security components of the next phase of ATPCOs Cloud infrastructure, shaping secure application development for years to come.
- Build automation to help us discover, measure, and contextualize application security issues.
- Partner with platform teams to deliver solutions that permanently solve entire categories of security risk.
- Participate in varied penetration testing and vulnerability assessments of applications, operating systems and/or networks.
- Able to work collaboratively with and advocate for software development teams.
- Experience with product management tools and practices, can interface directly with product teams to assign work/influence backlog for security needs.
- Experience identifying security issues through code review.
- Excellent and professional communication skills (written and verbal) with an ability to articulate complex topics in a clear and concise manner.
- Familiarity with some common security libraries and tools (e.g. static analysis tools, proxying / penetration testing tools).
- Knowledge of Secure SDLC and Security standards like OWASP, CWE, NIST, OSSTMM 5 Penetration Testing Methodology
- Familiarity and ability to explain common security flaws and ways to address them (e.g. OWASP Top 10).
- Development or scripting experience and skills. JSON, Python, YAML, CloudFormation, Terraform, PowerShell, etc. are preferred.
- A strong understanding of network and web related protocols (such as TCP/IP, UDP, HTTP, HTTPS, protocols)
- Has strong analytical, technical, and organizational skills to include strong attention to detail.
- Prior application security experience in a distributed, multi-Cloud hybrid environment with a focus on AWS.
- Knowledge of application penetration testing, threat modeling, and security architecture reviews
- Experience integrating security into the development pipeline, with hands-on experience with Dynamic Application Security Testing (DAST), Static Application Security Testing (SAST), Runtime Application Self-Protection (RASP), and software composition analysis solutions.
- Experience with configuration of cloud and platform technologies (AWS, Kubernetes, Dockers, Linux, Windows)
- Establishes, maintains, and reports upon metrics regarding overall application security posture.
- Excellent technical documentation skills.
* Salary range is an estimate based on our salary survey 💰
Tags: Application security Automation AWS Cloud DAST JSON Kubernetes Linux NIST OWASP Pentesting PowerShell Python SAST Scripting SDLC TCP/IP Terraform Vulnerabilities Windows
Perks/benefits: 401(k) matching Career development Health care Insurance Wellness
More jobs like this
New York City, United … New York City, United States InternshipEntry Entry-levelUSD 110K - 115K USD 110K+
2023 Cybersecurity Engineering Summer Internship - New YorkAgile Analytics Compliance Finance Governance Network security Risk management +2
Career development Equity Lunch / meals Startup environment Team events
Pittsburgh, PA, United States Pittsburgh, PA, United States Full TimeEntry Entry-levelUSD 120K - 160K USD 120K+
Research Scientist / Research Engineer - Security and PrivacyC C++ Computer Science Cryptography Intrusion detection Machine Learning Mathematics +6
401(k) matching Career development Flex hours Flex vacation Health care +4
Explore more InfoSec/Cybersecurity career opportunities
Find open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Analysis, Cryptography, Digital Forensics and Cyber Security in general, filtered by job title or popular skill, toolset and products used.
- Open Information Security Specialist jobs
- Open Security Operations Analyst jobs
- Open Senior Information Security Analyst jobs
- Open Senior SOC Analyst jobs
- Open Staff Product Security Engineer jobs
- Open Security Operations Engineer jobs
- Open Senior Cybersecurity Engineer jobs
- Open Electronic Warfare Advanced Tactical Trainer jobs
- Open IT Security Engineer jobs
- Open IT Security Analyst jobs
- Open Information System Security Officer (ISSO) jobs
- Open Cyber Security Specialist jobs
- Open Manager Pentest H/F jobs
- Open Head of Information Security jobs
- Open Cyber Hunt SME jobs
- Open Security Consultant jobs
- Open Analyste CERT / Incident Responder senior (H/F) jobs
- Open Ethical hacker / Pentester H/F jobs
- Open Staff Application Security Engineer jobs
- Open Lead Security Engineer jobs
- Open Senior Security Operations Engineer jobs
- Open Senior Information Security Engineer jobs
- Open Staff Security Engineer jobs
- Open Analyste CERT / Incident Responder junior (H/F) jobs
- Open Senior Security Analyst jobs
- Open Application security-related jobs
- Open Governance-related jobs
- Open Network security-related jobs
- Open Risk assessment-related jobs
- Open Pentesting-related jobs
- Open ISO 27001-related jobs
- Open Clearance-related jobs
- Open DevOps-related jobs
- Open Kubernetes-related jobs
- Open Vulnerability management-related jobs
- Open DevSecOps-related jobs
- Open Analytics-related jobs
- Open Java-related jobs
- Open IAM-related jobs
- Open CISM-related jobs
- Open SaaS-related jobs
- Open APIs-related jobs
- Open CI/CD-related jobs
- Open Forensics-related jobs
- Open Malware-related jobs
- Open CISA-related jobs
- Open Threat intelligence-related jobs
- Open Terraform-related jobs
- Open IDS-related jobs
- Open OWASP-related jobs