Application Security Engineer
Appen
Artificial intelligence will improve the world. That's why we've developed specialized tools and expertise to build a better future.
Appen is a leader in AI enablement for critical tasks such as model improvement, supervision, and evaluation. To do this we leverage our global crowd of over one million skilled contractors, speaking over 180 languages and dialects, representing 130 countries. In addition, we utilize the industry's most advanced AI-assisted data annotation platform to collect and label various types of data like images, text, speech, audio, and video.
Our data is crucial for building and continuously improving the world's most innovative artificial intelligence systems, and Appen is already trusted by the world's largest technology companies. Now, with the explosion of interest in generative AI, Appen is giving leaders in automotive, financial services, retail, healthcare, and governments the confidence to deploy world-class AI products.
At Appen, we are purpose driven. Our fundamental role in AI is to ensure all models are helpful, honest, and harmless, so we firmly believe in unlocking the power of AI to build a better world. We have a learn-it-all culture that values perspective, growth, and innovation. We are customer-obsessed, action-oriented, and celebrate winning together.
At Appen, we are committed to creating an inclusive and diverse workplace. We are an equal opportunity employer that does not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.
Position Summary
An Application Security Engineer at Appen AI plays a pivotal role in ensuring the development of secure applications. Working closely with engineering teams and the Information Security group, this individual ensures that Appen applications are crafted with security at their core.
- Experience: Minimum 2-4 years of experience in application security.
- Expertise: Deep familiarity with the OWASP Top 10 and other web application security concerns, including OWASP Application Security Verification Standards (ASVS).
- Security Tools: Familiarity with SAST, DAST, and SCA scans, as well as a strong understanding of OWASP ASVS. Ability to interpret and assess CVEs identified by scanning tools.
- Knowledge: Advanced understanding of front-end and back-end web application development in at least one technology stack (.NET, Java, PHP, Ruby on Rails, Angular, Node.js, etc.).
- Continuous Learning: Demonstrated ability to stay current with trends, techniques, tools, and processes to enhance the security posture of applications.
- Communication: Excellent verbal and written communication skills, including technical writing abilities.
- Team Collaboration: Team-oriented mindset with the ability to produce high-quality work within a fast-paced, dynamic team environment.
- Availability: Ability to work across different time zones and collaborate effectively with geographically dispersed teams.
- Shift-Left Security in Software Development Life Cycle (SDLC): Implementing security practices from the early stages of application development.
- Security Testing and Implementation: Providing guidelines and implementing tools for Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Software Composition Analysis (SCA), Web Application Firewall (WAF), and Runtime Application Self-Protection (RASP).
- Security Tools Utilization: Leveraging security tools like Kali Linux, Burp Suite, Orca, AWS Web Application Firewall (WAF), and other relevant security tools.
- Coaching and Guidance: Offering coaching and guidance to development teams on security remediation efforts, integrating security scans into their pipelines, and incorporating dependency scans into the development process.
- Threat Awareness and Training: Keeping the teams updated on new application threats and remediation techniques through ongoing improvements and awareness training.
- Identity-Related Best Practices: Providing guidance on OpenID Connect (OIDC), OAuth2, and other identity-related best practices for web and mobile applications.
- Collaboration and Risk Prioritization: Collaborating with the Information Security (InfoSec) team to prioritize applications and vulnerabilities based on risk.
- Documentation and Communication: Maintaining strong documentation and communicating effectively with diverse teams, both verbally and in writing.
- Cloud Security: Proficiency in managing security aspects within AWS or GCP adds significant value to the experience.
Perks/benefits: Career development