This job post is closed and the position is probably filled. Please do not apply.
🤖 Automatically closed by a robot after the apply link was detected as broken.
Description:
As an Application Security Engineer, you will be an integral part of our technology team, focusing on enhancing the security posture of our software development lifecycle (SDLC).
Your role will be crucial in conducting Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and specializing in Black Duck testing to support our engineering and DevOps teams.
You will design and develop application security controls focusing on authentication, authorization, access control, secrets management, logging, and monitoring based on enterprise cyber capabilities such as Okta, CyberArk, SailPoint, and Splunk.
You will implement and operate SAST (Klocwork, Coverity, Fortify SCA, Clang) and DAST (WebInspect, Invicti, Checkmarx, Burp Suite) tools to identify and mitigate security vulnerabilities.
You will conduct thorough security assessments and validations to ensure the effectiveness of implemented controls.
You will serve as the go-to person for facilitating the implementation of application security controls in all in-house developed applications, SaaS solutions, and vendor-developed/hosted applications.
You will work closely with cross-functional teams to remediate identified vulnerabilities and enhance overall application security posture.
You will stay abreast of the latest industry trends, emerging threats, and advancements in application security.
You will ensure compliance with industry standards, guidelines, and best practices such as OWASP (Open Web Application Security Project) and SANS.
You will conduct regular assessments and audits to verify adherence to OWASP standards and address any identified gaps.
You will collaborate with incident response teams to investigate and mitigate security events related to application security.
You will foster strong partnerships with development teams, IT operations, and other relevant stakeholders to promote a culture of security awareness and collaboration.
You will communicate complex security concepts effectively to both technical and non-technical audiences.
Requirements:
You must have proven experience in application security with a focus on authentication, authorization, access control, secrets management, logging, and monitoring.
You should possess industry-standard certifications such as CISSP, CSSLP, Certified Ethical Hacker (CEH), or equivalent.
Security vendor certifications such as Checkmarx, Coverity, Klocwork, Burp Suite, WebInspect, and Fortify SCA are required.
You must have an in-depth understanding of OWASP guidelines and best practices.
Strong programming/scripting skills in Python and PowerShell, along with familiarity with modern development frameworks, are necessary.
Excellent communication and interpersonal skills are essential for this role.
Benefits:
You will have the opportunity to work in a multibillion-dollar global company that fosters a diverse, equitable, and inclusive culture.
You will be part of a team that is dedicated to innovation and excellence in the memory industry.
The position offers the flexibility of remote work, allowing for a better work-life balance.
You will be involved in cutting-edge projects that have a significant impact on the future of technology and data storage solutions.
The company promotes a culture of security awareness and collaboration, providing a supportive environment for professional growth and development.