Senior Application Security Engineer
Canada
Applications have closed
Cority
Learn why over 1,400 global organizations trust Cority to provide their EHS software and OHS software. We are the most trusted provider of EHS software.
Cority is the global enterprise EHS software provider creating industry-leading technology to empower those who transform the way the world works. For over 35 years, Cority has been powered by the spirit of innovation, deep domain expertise, and a commitment to integrity that enables higher levels of operational and sustainable performance with the most comprehensive, human-centered, and secure SaaS platform to help workers and businesses thrive in 100 countries around the world. The company enjoys the industry’s highest levels of client satisfaction and has received many awards for its strong employee culture and outstanding business performance. To learn more, visit www.cority.com.
The role of an application security engineer is multifaceted and critical for any organization that relies on software applications for its operations. They act as the vanguard of application security, ensuring the robustness and reliability of software systems. Application security engineers are responsible for establishing and enforcing security standards and best practices within an organization.
They conduct regular security assessments, identify vulnerabilities, and work with development teams to remediate them. They also keep up-to-date with the latest security threats, trends, and countermeasures to ensure that the organization's applications are always protected.
Security reviews from third party auditors involve evaluating applications for potential vulnerabilities and non-compliance with security standards. The application security engineer will work with third parties to design the audit, and interpret the results. Post-audit activities include creating tickets for remediation, and providing guidance where needed.
Application security engineers are also responsible for integrating security tools and processes into the DevOps pipeline. This involves automating security checks and scans to identify and fix vulnerabilities early in the development process. By integrating security into the DevOps pipeline, application security engineers help to ensure that security is not an afterthought but a fundamental part of the software development process. These can include static analysis tools, dynamic analysis tools, and penetration testing tools. These tools allow the engineer to identify and fix vulnerabilities in the code and the running application. Knowledge of security technologies like firewalls, intrusion detection systems, and encryption is also important to protect the application from external threats.
Application security engineers have a responsibility to raise awareness about application security within the development teams. They may conduct training sessions for developers and other IT professionals on secure coding practices, security standards, and the latest security threats and countermeasures. These can include frameworks like the OWASP Top Ten, a standard awareness document for developers and web application security, and standards like ISO 27001.
The role of an application security engineer is multifaceted and critical for any organization that relies on software applications for its operations. They act as the vanguard of application security, ensuring the robustness and reliability of software systems. Application security engineers are responsible for establishing and enforcing security standards and best practices within an organization.
They conduct regular security assessments, identify vulnerabilities, and work with development teams to remediate them. They also keep up-to-date with the latest security threats, trends, and countermeasures to ensure that the organization's applications are always protected.
Security reviews from third party auditors involve evaluating applications for potential vulnerabilities and non-compliance with security standards. The application security engineer will work with third parties to design the audit, and interpret the results. Post-audit activities include creating tickets for remediation, and providing guidance where needed.
Application security engineers are also responsible for integrating security tools and processes into the DevOps pipeline. This involves automating security checks and scans to identify and fix vulnerabilities early in the development process. By integrating security into the DevOps pipeline, application security engineers help to ensure that security is not an afterthought but a fundamental part of the software development process. These can include static analysis tools, dynamic analysis tools, and penetration testing tools. These tools allow the engineer to identify and fix vulnerabilities in the code and the running application. Knowledge of security technologies like firewalls, intrusion detection systems, and encryption is also important to protect the application from external threats.
Application security engineers have a responsibility to raise awareness about application security within the development teams. They may conduct training sessions for developers and other IT professionals on secure coding practices, security standards, and the latest security threats and countermeasures. These can include frameworks like the OWASP Top Ten, a standard awareness document for developers and web application security, and standards like ISO 27001.
Qualifications:
- 5+ years of experience in web application security, secure software development, and cloud security
- A solid grounding in information security principles, web application security and API security
- Ability to perform technical analysis of complex software, systems, and underlying infrastructure environments
- Exception tracking, reporting, and drive to closure
- The ability to work on complex projects across multiple groups and geographies
- Excellent collaboration and communication skills – the ability to learn swiftly, be a self-starter, and partner with cross-functional teams to gain trust and influence
- Proactive, accountable, autonomous, and solutions-oriented
- Bachelor’s degree or equivalent work experience
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Job stats:
11
3
0
Categories:
AppSec Jobs
Security Engineering Jobs
Tags: APIs Application security Cloud Compliance DevOps Encryption Firewalls Intrusion detection ISO 27001 OWASP Pentesting SaaS Security assessment Vulnerabilities
Region:
North America
Country:
Canada
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Product Security Engineer jobs
- Open Senior Cybersecurity Engineer jobs
- Open Senior Cyber Security Engineer jobs
- Open Information Security Officer jobs
- Open Information Security Specialist jobs
- Open Principal Security Engineer jobs
- Open Senior Penetration Tester jobs
- Open Cloud Security Architect jobs
- Open Chief Information Security Officer jobs
- Open IT Security Engineer jobs
- Open Staff Security Engineer jobs
- Open Cyber Security Specialist jobs
- Open Senior Network Security Engineer jobs
- Open Senior Product Security Engineer jobs
- Open Security Specialist jobs
- Open Cyber Security Architect jobs
- Open Security Operations Analyst jobs
- Open Cybersecurity Consultant jobs
- Open Information System Security Officer jobs
- Open Security Consultant jobs
- Open Information Systems Security Officer jobs
- Open Senior Information Security Analyst jobs
- Open Information Security Architect jobs
- Open Ethical hacker / Pentester H/F jobs
- Open Senior Security Architect jobs
- Open CISA-related jobs
- Open Agile-related jobs
- Open Risk assessment-related jobs
- Open Analytics-related jobs
- Open SOC-related jobs
- Open Network security-related jobs
- Open GCP-related jobs
- Open ISO 27001-related jobs
- Open IAM-related jobs
- Open Application security-related jobs
- Open DoD-related jobs
- Open DevOps-related jobs
- Open Pentesting-related jobs
- Open Threat intelligence-related jobs
- Open APIs-related jobs
- Open Java-related jobs
- Open Vulnerability management-related jobs
- Open Security Clearance-related jobs
- Open CEH-related jobs
- Open Kubernetes-related jobs
- Open SaaS-related jobs
- Open Malware-related jobs
- Open Security assessment-related jobs
- Open PowerShell-related jobs
- Open SQL-related jobs