Application Security Engineer
Remote - United States
Applications have closed
FormAssembly Inc.
As an Application Security Engineer for FormAssembly you will:
• Proactively perform technical security assessments against FormAssembly’s web applications and services.
• Work with the Product and Engineering Teams to provide security-focused best practices during all phases of the software development lifecycle process (SDLC) and CI/CD pipeline.
• Assist in security architecture discussions with engineering for both product and infrastructure designs and develop risk mitigation plans when needed.
• Assist the vulnerability management program and perform regularly scheduled vulnerability scans to support compliance and triage new vulnerabilities.
• Implement cloud security controls in AWS and help automate security processes when appropriate.
• Perform security monitoring and threat analysis, and lead the incident response process.
• Create and maintain comprehensive documentation related to Application and Cloud Security processes and controls for the FormAssembly environment.
• Handle customer-related questions and concerns around application security, vulnerabilities and bugs.
• Assist in security auditing, networking, endpoint, application, and other security areas when needed.
Requirements
• 2+ years of experience in Application/Product Security, preferably in SaaS.
• 2+ years of experience with Cloud Security in AWS preferred.
• Strong understanding of web application architecture and design principles.
• Experience managing a bug bounty program such as HackerOne/Bugcrowd or other crowdsourcing platforms.
• Experience with a vulnerability program such as Nessus or Qualys.
• Hands-on experience with security technologies such as WAF, FIM, ConMon, SAST/DAST, etc.
• Working familiarity with the OWASP Top 10 and SANS 25, as well as how to identify and mitigate them.
• Experience with threat modelling along with manual secure code review in languages such as PHP and JavaScript.
• A basic understanding of network and web-related protocols (such as TCP/IP, UDP, HTTP, HTTPS).
• Familiarity with common web application testing tools, such as Burp Suite, ZAP, Qualys or other open-source security industry tools.
• Experience leading incident response plans and working with SIEM tools for threat analysis.
• Knowledge of container security such as Docker and Kubernetes is a plus.
• Experience working with operating systems and hardening (Linux and macOS) is a plus.
• Certifications such as CISSP, GSEC, CEH or CISM are a plus.
• Agile, humble, trustworthy, and a team player.
Benefits
FormAssembly is a 100% remote SaaS company dedicated to helping customers streamline organizational processes and be better stewards of their data, and we are looking for key individuals to join our rapidly growing team.
Customers like Amazon, PayPal, Harvard, and thousands of other organizations worldwide rely on FormAssembly to capture the data they need quickly and securely. We have been recognized in the 2020 Inc. 5000 list of fastest growing private companies, and we are a G2 Crowd Winter 2021 Leader.
We're intelligent, adaptive, and growing rapidly - thanks to our impressive roster of customers.
Here are some links to give you a peek into what it’s like to work at FormAssembly:
- Meet our awesome team.
- Learn how and why we work remotely.
If you’re a genuinely nice person who is great to work with, respectful, and who will put the team and our customers first, we’d be thrilled to have you apply for this position. FormAssembly is an equal opportunity employer. If you belong to an under-represented group in tech, you’ll find a welcoming culture that thrives on diversity.
This is a full-time position, open to all locations (working remotely from home).
Benefits:
FormAssembly offers several benefits that help to facilitate a healthy team, personal growth, and a work-life balance, all of which contribute to creating a more engaged and passionate workforce.
- Health benefits (health, dental, vision) for team members based in the United States
- 401(k) with 4% company match for team members based in the United States
- 4 weeks paid vacation and 9 company holidays
- Flexible work schedule
- Paid parental leave
- Charitable contribution match
- Budget for professional development
- Company provided Mac laptop
You'll be joining a talented and fun team, working together to build something great!