We are seeking an intermediate security engineer who is passionate about Application Security and has about 3 years of experience with any combination of the following: web and mobile application security, threat modeling, attack surface reduction, browser security, database security, file security, and secure software development. Should have knowledge of web application attacks and defense strategies including those found in the OWASP Top 10 and mobile Top 10.
Duties will include:
Monitor developments within the application security industry to ensure internal policies, procedures, tools, and training reflect current trends and methods such as those published by OWASP Provide security guidance on a constant stream of new products and technologies (including cloud) Work with developers to refine security checkpoints in the SDLC that are based on applicable standards or industry-accepted doctrine. Conduct regular security assessments Identify emerging vulnerabilities, risks, and threats during design iterations and provide appropriate countermeasures Obtain and review all required artifacts as part of go, no go analyses at security checkpoint phases in the development cycle. Assist with periodic security risk assessments, IT security audits, and management reporting. Implement a strategy for application vulnerabilities, reviews, and remediation. Work with the development teams to provide guidance on secure coding practices. Excellent verbal and written communication skills.
Experience Required:
3-5 years of experience developing on web and mobile and API platforms
3-5 years assessing and securing iOS and Android mobile apps
3-5 years assessing and securing REST and SOAP APIs
2-3 years assessing and securing web applications
2-3 years reviewing source code and using security testing tools
2 years threat modeling web and mobile applications
Working knowledge of Web Application firewalls is necessary
Experience working with Agile development/Scrum teams
Experiencing in developing in Java, SQL, and Python.
Strong knowledge and ability to operate vulnerability assessment and application assessment tools (e.g. AppScan, Fortify, Veracode, SonaType, RASP highly desired)
Security risk assessment and systems security audit work experience is highly desired.
Experience with threat modeling and web application security assessments
Degree preference: Computer Science or related program