Application Security Engineer
DC Metro
ZeroFox
ZeroFox, the leader in external cybersecurity, exposes, disrupts, and responds to threats outside the perimeter.
Responsibilities
- Build and operate a large scale scanning platform to identify application weaknesses.
- Research and deliver new Web & API assessment capabilities to the ZeroFOX platform.
- Perform occasional application assessment consulting projects.
- Serve as a subject matter expert for product management, engineering, sales and marketing to help deliver world-class security and intelligence features.
- Serve as a thought leader: publish blogs, white papers, and conference presentations, and interact with the media.
- Keep up to date with public AppSec research and implement capabilities for new vulnerability types.
- Prototype usage of new capabilities in the ZeroFOX platform.
- Support other team members in usage of tools or techniques.
- Help with buildout & management of test environments.
- Work with internal teams as a subject matter expert in application security.
- Create triage workflows for AppSec results and help train the analyst team.
- Help automate various workflows and integrations through scripting in order to improve the efficiency of the team.
- Work with engineering and operations teams to improve the team’s efficiency.
Qualifications
- Bachelor’s Degree in Computer Science or equivalent development experience
- Experience in Application Security, DevSecOps, or development with sufficient security background, typically obtained in 3-5 years
- Experience testing web applications and APIs
- Experience with commercial DAST/SAST/SCA tools like Veracode, Snyk, Checkmarx, Fortify SCA, and WebInspect.
- Experience with testing tools like BurpSuite Pro, Zap, Hopper, Postman, Jaeles, and Nuclei
- Experience with triage and remediation workflows in AppSec, along with integrating *AST/SCA output into CI/CD
- Familiarity with AWS, Kubernetes, Docker, and Terraform
- Strong analytical skills and attention to detail
- Solid interpersonal and social skills
- Spoken and written fluency in the English language
- Ability to comfortably write scripts, interact with APIs, and automate processes with Python, Go, Node.js
- Ability to comfortably build lightweight infrastructure in AWS, including servers and corresponding services, to help automate processes for your work or the team’s work
Benefits
- Competitive compensation and benefits
- Community-driven culture
- Generous time off
- Comprehensive health benefits & 401(k) plan
- Fun, modern workspace with regular team events
- Wellness offerings
Interested?
- Ready to apply? Visit us at https://www.zerofox.com/careers to find out more and join the best team in the security industry.
- Not ready to apply? Email careers_at_zerofox_dot_com to speak with a member of the team!
Equal Opportunity, Diversity & Inclusion
We aim to build a team that represents a variety of backgrounds, perspectives, and skills. We embrace inclusion and ensure equal employment opportunity without discrimination or harassment based on race, color, religion, sex (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity or expression, age, disability, national origin, marital or domestic/civil partnership status, genetic information, citizenship status, military or veteran status, or any other personal characteristic.
Tags: APIs Application security AWS Burp Suite Checkmarx CI/CD Computer Science DAST DevSecOps Docker Kubernetes Node.js PostMan Python SAST Scripting Terraform Threat intelligence Veracode
Perks/benefits: Competitive pay Health care Team events Wellness