Please let Clear Capital | CubiCasa know you found this job on RemoteYeah.
This helps us grow 🌱.
Description:
As an Application Security Engineer, you will perform application security testing on web applications, mobile applications, microservices, infrastructure code, and open source code to expose weaknesses in their design and/or configuration that make them susceptible to exploitation.
You will work closely with development teams, product managers, and other members of the information security team to assess risks, conduct security reviews, and recommend steps for the remediation of identified vulnerabilities.
You will educate development engineers on secure coding practices and contribute to overall application security awareness.
Collaborate with internal teams to define the scope of application security testing activities, including the number and types of applications to be tested, and the testing methodology.
Plan and carry out application security testing in all phases of the software development life cycle to identify vulnerabilities in application code and weaknesses in secure coding practices.
Use test results to create reports that detail discovered security issues, assess risk levels, and provide actionable recommendations.
Assess discovered vulnerabilities and recommend solutions to reduce risk and mitigate security impacts to the application environment.
Communicate findings, risks, conclusions, and recommendations to stakeholders.
Consider the impact your testing will have on the business and its users.
Clearly articulate and convey the potential business or operational impact of unaddressed security vulnerabilities.
Requirements:
You should have 3-5 years of proven experience in application security testing, including Dynamic Application Security Testing (DAST), Static Application Security Testing (SAST), Open Source Security (OSS) testing, and Software Composition Analysis (SCA).
A Bachelor’s Degree, ideally in a technically related field (Computer Science, Information Technology, Software Engineering), or equivalent work experience is required.
Relevant certifications such as EC-Council Certified Application Security Engineer (C|ASE), GIAC Certified Web Application Defender (GWEB), or (ISC)2 Certified Secure Software Lifecycle Professional (CSSLP) are necessary.
Experience testing web applications for OWASP Top Ten security vulnerabilities is essential.
A thorough understanding of the Software Development Life Cycle (SDLC) is required.
You should have experience in promoting and implementing secure coding practices, and providing training and education to development teams on secure development practices.
Strong verbal and written communication skills with the ability to clearly articulate technical concepts to both technical and non-technical audiences are necessary.
Attention to detail is important to plan and execute tests that meet all requirements.
You must have the ability to prioritize tasks and manage time effectively to meet deadlines.
Ethical integrity to be trusted with a high level of confidential information is required.
The ability to collaborate with team members and share knowledge is essential.
Exceptional analytical and problem-solving skills and the persistence to apply different techniques to get the job done are necessary.
You should have the ability to understand the business implications of identified weaknesses.
A commitment to continuously update your technical knowledge base is expected.
Benefits:
You can expect competitive compensation and immediate contribution.
An inclusive benefits package is offered, including 401k plans and customizable benefits such as dental, vision, and medical for you and your dependents.
The company promotes an innovative culture that values the quality of work over quantity.
There are company-supported and employee-driven ambassador groups that promote diversity, working on a hybrid schedule, and philanthropy.
Learning and development programs are available to help advance your career and personal growth.