The Best Players Need the Best People.
The Application Security Engineer will play a critical role in ensuring the security of our software applications and systems. The primary function of this role is to collaborate with development teams to address security configuration and vulnerability issues, perform in-depth code reviews, and analyze open-source libraries for potential security risks. The successful candidate will have a strong background in application security and secure coding practices, with the ability to work effectively in a fast-paced, agile environment.
Qualifications:
- Bachelor’s degree in Computer Science, Information Security, or a related field, or equivalent experience.
- A minimum of 5 years of related experience, including 3+ years in application security with hands-on experience in code reviews, vulnerability management, and security testing.
- Strong knowledge of secure coding practices and experience in reviewing code written in languages such as Java, Python, JavaScript, or C#.
- Familiarity with common security vulnerabilities (e.g., OWASP Top 10) and experience in applying security controls in a development environment.
- Experience with security tools such as SAST/DAST, dependency checkers, and security monitoring tools.
- Strong understanding of open-source libraries and the associated security risks.
- Excellent communication skills with the ability to explain complex security issues to both technical and non-technical audiences.
- Certifications such as CISSP, CEH, CSSLP, or OSCP are a plus.
Preferred Skills:
- Experience with cloud security, particularly in AWS environments.
- Knowledge of DevSecOps practices and experience integrating security into CI/CD pipelines.
- Understanding of containerization and microservices architecture and associated security considerations.
Responsibilities:
Security Configuration & Vulnerability Management:
- Collaborate with development teams to identify, prioritize, understand, and remediate security configuration issues in applications.
- Conduct vulnerability assessments on applications and systems, using both automated tools and manual techniques.
- Provide recommendations and support for fixing identified vulnerabilities, ensuring they are addressed in a timely manner.
Code Reviews & Secure Coding Practices:
- Perform thorough code reviews on internally developed applications, focusing on security vulnerabilities and coding best practices.
- Review and assess third-party and open-source libraries for security risks and provide guidance on their safe integration into our applications.
- Work with development teams to integrate security controls and best practices into the software development lifecycle (SDLC).
Security Tools & Automation:
- Utilize and manage security tools and platforms, such as static and dynamic application security testing (SAST/DAST) tools, to enhance the security of our applications.
- Collaborate with DevOps teams to automate security processes within CI/CD pipelines.
- Manage and maintain the cybersecurity team’s internally built tools and pipelines.
Security Awareness & Training:
- Assist in developing and delivering secure coding training and awareness programs for developers.
- Act as a security advocate within the organization, promoting a culture of security awareness and continuous improvement.
Documentation & Reporting:
- Document security vulnerabilities, their remediation plans, and progress, ensuring all stakeholders are kept informed.
- Prepare reports and metrics on the state of application security, vulnerability management, and code review activities.
- Special projects or work as assigned.