Application Security Engineer

OPPORTUNITY OVERVIEWAs an Application Security Engineer at ZeroFOX, you will join the Attack Surface and Vulnerability Assessment team, where you will research and implement techniques for identifying vulnerability in web applications and APIs.  For this role you will support development of large scale application testing focused on vulnerability classes that are reflected in recent attacks.  You will identify new application attack techniques as they appear in public research or threat intelligence, and then prototype those techniques for the ZeroFOX engineering team.    You’ll join a team of software engineers, cybersecurity experts, and data scientists who are disrupting the cyber security industry providing Digital Risk Protection: Protection on social media and digital channels from security threats like social engineering, external fraud, data loss, and insider threat.

Responsibilities

• Build and operate a large scale scanning platform to identify application weaknesses.
• Research and deliver new Web & API assessment capabilities to the ZeroFOX platform.
• Perform occasional application assessment consulting projects.
• Serve as a subject matter expert for product management, engineering, sales and marketing to help deliver world-class security and intelligence features. 
• Serve as a thought leader and publish blogs, white papers, conference presentations and interact with the media
• Keep up to date with public AppSec research and implement capabilities for new vulnerability types.
• Prototype usage of new capabilities in the ZeroFOX platform
• Support other team members in usage of tools or techniques
• Help with buildout & management of test environments
• Work with internal teams as a subject matter expert in application security.
• Create triage workflows for AppSec results and help train the analyst team.
• Help automate various workflows and integrations through scripting in order to improve the efficiency of the team
• Work with engineering and operations teams to improve the team’s efficiency

Qualifications

• Bachelor’s Degree in Computer Science or equivalent development experience
• Experience in Application Security, DevSecOps, or development with sufficient security background, typically obtained in 3-5 years
• Experience testing web applications and APIs
• Experience with commercial DAST/SAST/SCA tools like Veracode, Snyk, Checkmarx, Fortify SCA, and WebInspect.
• Experience with testing tools like BurpSuite Pro, Zap, Hopper, Postman, Jaeles, and Nuclei
• Experience with triage and remediation workflows in AppSec, along with integrating *AST/SCA output into CI/CD
• Familiarity with AWS, Kubernetes, Docker, and Terraform
• Strong analytical skills and attention to detail
• Solid interpersonal and social skills
• Spoken and written fluency in the English language
• Ability to comfortably write scripts, interact with APIs, and automate processes with Python, Go, Node.js
• Ability to comfortably build lightweight infrastructure in AWS, including servers and corresponding services, to help automate processes for your work or the team’s work

Benefits

• Competitive compensation and benefits
• Community-driven culture
• Generous time off 
• Comprehensive health benefits & 401(k) plan
• Fun, modern workspace with regular team events
• Wellness offerings

Interested?

• Ready to apply? Visit us at https://www.zerofox.com/careers to find out more and join the best team in the security industry.
• Not ready to apply? Email careers_at_zerofox_dot_com to speak with a member of the team!

ABOUT ZEROFOXZeroFox’s mission is clear: we protect customers - their data, their assets and their people - across the internet. Through AI-powered technology, global intelligence collection and services provided by a team of expert analysts and threat hunters, we give customers the protection and intelligence needed to disrupt a new era of attacks on the surface, deep and dark web. With $150M+ in funding to date, recognition from Forrester as best-in-class in brand intelligence and numerous awards and honors, joining the ZeroFox team means joining a culture that is committed to excellence. That means committing to the success of each of our employees so you can be the best version of yourself on the best team. If you’re ready to join a team that is mission-oriented, customer-focused, collaborative and dedicated, you’ve come to the right place.
Equal Opportunity, Diversity & InclusionWe aim to build a team that represents a variety of backgrounds, perspectives, and skills. We embrace inclusion and ensure equal employment opportunity without discrimination or harassment based on race, color, religion, sex (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity or expression, age, disability, national origin, marital or domestic/civil partnership status, genetic information, citizenship status, military or veteran status, or any other personal characteristic.