Application Security Engineer

Hyderabad

Appen

See how Appen provides data to improve AI, guiding customers to drive innovation, accelerate AI development, and stay ahead of the competition.

About Appen
Appen is a leader in AI enablement for critical tasks such as model improvement, supervision, and evaluation. To do this we leverage our global crowd of over one million skilled contractors, speaking over 180 languages and dialects, representing 130 countries. In addition, we utilize the industry's most advanced AI-assisted data annotation platform to collect and label various types of data like images, text, speech, audio, and video.
Our data is crucial for building and continuously improving the world's most innovative artificial intelligence systems, and Appen is already trusted by the world's largest technology companies. Now, with the explosion of interest in generative AI, Appen is giving leaders in automotive, financial services, retail, healthcare, and government the confidence to deploy world-class AI products.
At Appen, we are purpose driven. Our fundamental role in AI is to ensure all models are helpful, honest, and harmless, so we firmly believe in unlocking the power of AI to build a better world. We have a learn-it-all culture that values perspective, growth, and innovation. We are customer-obsessed, action-oriented, and celebrate winning together.
At Appen, we are committed to creating an inclusive and diverse workplace. We are an equal opportunity employer that does not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.
Position Summary
An Application Security Engineer at Appen AI plays a pivotal role in ensuring the development of secure applications. Working closely with engineering teams and the Information Security group, this individual ensures that Appen applications are crafted with security at their core.

Key Responsibilities

  • Experience: Minimum 2-4 years of experience in application security.
  • Expertise: Deep familiarity with the OWASP Top 10 and other web application security concerns, including OWASP Application Security Verification Standards (ASVS).
  • Security Tools: Familiarity with SAST, DAST, and SCA scans, as well as a strong understanding of OWASP ASVS. Ability to interpret and assess CVEs identified by scanning tools.
  • Knowledge: Advanced understanding of front-end and back-end web application development in at least one technology stack (.NET, Java, PHP, Ruby on Rails, Angular, Node.js, etc.).
  • Continuous Learning: Demonstrated ability to stay current with trends, techniques, tools, and processes to enhance the security posture of applications.
  • Communication: Excellent verbal and written communication skills, including technical writing abilities.
  • Team Collaboration: Team-oriented mindset with the ability to produce high-quality work within a fast-paced, dynamic team environment.
  • Availability: Ability to work across different time zones and collaborate effectively with geographically dispersed teams.

Responsibilities

  • Shift-Left Security in Software Development Life Cycle (SDLC): Implementing security practices from the early stages of application development.
  • Security Testing and Implementation: Providing guidelines and implementing tools for Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Software Composition Analysis (SCA), Web Application Firewall (WAF), and Runtime Application Self-Protection (RASP).
  • Security Tools Utilization: Leveraging security tools like Kali Linux, Burp Suite, Orca, AWS Web Application Firewall (WAF), and other relevant security tools.
  • Coaching and Guidance: Offering coaching and guidance to development teams on security remediation efforts, integrating security scans into their pipelines, and incorporating dependency scans into the development process.
  • Threat Awareness and Training: Keeping the teams updated on new application threats and remediation techniques through ongoing improvements and awareness training.
  • Identity-Related Best Practices: Providing guidance on OpenID Connect (OIDC), OAuth2, and other identity-related best practices for web and mobile applications.
  • Collaboration and Risk Prioritization: Collaborating with the Information Security (InfoSec) team to prioritize applications and vulnerabilities based on risk.
  • Documentation and Communication: Maintaining strong documentation and communicating effectively with diverse teams, both verbally and in writing.
  • Cloud Security: Proficiency in managing security aspects within AWS or GCP adds significant value to the experience.
Appen is the global leader in data for the AI Lifecycle with more than 25 years’ experience in data sourcing, annotation, and model evaluation. Through our expertise, platform, and global crowd, we enable organizations to launch the world’s most innovative artificial intelligence products with speed and at scale. Appen maintains the industry’s most advanced AI-assisted data annotation platform and boasts a global crowd of more than 1 million contributors worldwide, speaking more than 235 languages. Our products and services make Appen a trusted partner to leaders in technology, automotive, finance, retail, healthcare, and government. Appen has customers and offices globally.

Tags: Application security Artificial Intelligence AWS Burp Suite Cloud DAST Finance Firewalls GCP Generative AI Java Kali Linux Node.js OpenID OWASP PHP Ruby SAST SDLC Vulnerabilities

Perks/benefits: Career development

Region: Asia/Pacific
Country: India
