Application Security Engineer

Remote - United States

Applications have closed

As an Application Security Engineer for FormAssembly you will:

• Proactively perform technical security assessments against FormAssembly’s web applications and services.

• Work with the Product and Engineering Teams to provide security-focused best practices during all phases of the software development lifecycle process (SDLC) and CI/CD pipeline.

• Assist in security architecture discussions with engineering for both product and infrastructure designs and develop risk mitigation plans when needed.

• Assist the vulnerability management program and perform regularly scheduled vulnerability scans to support compliance and triage new vulnerabilities.

• Implement cloud security controls in AWS and help automate security processes when appropriate.

• Perform security monitoring and threat analysis, and lead the incident response process.

• Create and maintain comprehensive documentation related to Application and Cloud Security processes and controls for the FormAssembly environment.

• Handle customer-related questions and concerns around application security, vulnerabilities and bugs.

• Assist in security auditing, networking, endpoint, application, and other security areas when needed.


Requirements

• 2+ years of experience in Application/Product Security preferably in SaaS

• 2+ years of experience with Cloud Security in AWS preferred

• Strong understanding of web application architecture and design principles

• Experience managing a bug bounty program such as HackerOne/Bugcrowd or other crowdsourcing platforms.

• Experience with a vulnerability program such as Nessus or Qualys

• Hands-on experience with security technologies such as WAF, FIM, ConMon, SAST/DAST, etc.

• Working familiarity with the OWASP Top 10 and SANS 25, as well as how to identify and mitigate them.

• Experience with threat modelling along with manual secure code review in languages such as PHP and JavaScript.

• A basic understanding of network and web-related protocols (such as TCP/IP, UDP, HTTP, HTTPS).

• Familiarity with common web application testing tools, such as Burp Suite, ZAP, Qualys or other open-source security industry tools.

• Experience leading incident response plans and working with SIEM tools for threat analysis.

• Knowledge of container security such as Docker and Kubernetes is a plus.

• Experience working with operating systems and hardening (Linux and macOS) is a plus.

• Certifications such as CISSP, GSEC, CEH or CISM a plus

• Agile, humble, trustworthy, and a team player.

Benefits

FormAssembly is a 100% remote SaaS company dedicated to helping customers streamline organizational processes and be better stewards of their data, and we are looking for key individuals to join our rapidly growing team.

Customers like Amazon, PayPal, Harvard, and thousands of other organizations worldwide rely on FormAssembly to capture the data they need quickly and securely. We have been recognized in the 2020 Inc. 5000 list of fastest growing private companies, and we are a G2 Crowd Winter 2021 Leader.

We're intelligent, adaptive, and growing rapidly - thanks to our impressive roster of customers.

Here are some links to give you a peek into what it’s like to work at FormAssembly:

If you’re a genuinely nice person who is great to work with, respectful, and who will put the team and our customers first, we’d be thrilled to have you apply for this position. FormAssembly is an equal opportunity employer. If you belong to an under-represented group in tech, you’ll find a welcoming culture that thrives on diversity.

This is a full-time position, open to all locations (working remotely from home).

Benefits:

FormAssembly offers several benefits that help to facilitate a healthy team, personal growth, and a work-life balance, all of which contribute to creating a more engaged and passionate workforce.

  • Health benefits (health, dental, vision) for team members based in the United States
  • 401(k) with 4% company match for team members based in the United States
  • 4 weeks paid vacation and 9 company holidays
  • Flexible work schedule
  • Paid parental leave
  • Charitable contribution match
  • Budget for professional development
  • Company provided Mac laptop

You'll be joining a talented and fun team, working together to build something great!

Tags: Agile Application security Audits AWS Burp Suite CEH CI/CD CISM CISSP Cloud Compliance DAST Docker GSEC Incident response JavaScript Kubernetes Linux MacOS Monitoring Nessus OWASP PHP Product security Qualys SaaS SANS SAST SDLC Security assessment SIEM TCP/IP Vulnerabilities Vulnerability management Vulnerability scans Web application testing

Perks/benefits: 401(k) matching Career development Flex hours Flex vacation Gear Health care Parental leave

Regions: Remote/Anywhere North America
Country: United States