Remote Application Security Engineer (The Code Defender)
Please let Unreal Gigs know you found this job on RemoteYeah. This helps us grow 🌱.
Description:
The Application Security Engineer (aka The Code Defender) will collaborate with development teams to integrate security into every phase of the software development lifecycle, ensuring security best practices are followed from initial design to deployment.
Responsibilities include conducting thorough security code reviews and vulnerability assessments to identify weaknesses in applications, using tools like static and dynamic analysis to detect flaws, and working with developers to resolve them.
The engineer will perform penetration testing on web, mobile, and cloud-based applications to identify security vulnerabilities, simulate real-world attacks, and ensure applications can withstand modern threats.
Implementing and managing security tools that integrate into the CI/CD pipeline, automating security testing for continuous integration, and deploying tools like SAST, DAST, and RASP to catch vulnerabilities early in the development process.
Providing guidance and training to developers and product teams on secure coding practices, OWASP Top Ten vulnerabilities, and threat modeling to build a culture of security awareness.
Conducting threat modeling exercises to anticipate potential attack vectors and weaknesses in application architectures, prioritizing risks, and providing actionable security recommendations to mitigate potential threats.
Assisting in the detection, response, and remediation of security incidents affecting applications, providing post-incident analysis, and helping implement measures to prevent future vulnerabilities.
Requirements:
Application Security Expertise: Strong understanding of application security principles, including secure coding, cryptography, access control, and authentication; familiar with common vulnerabilities like SQL injection, XSS, CSRF, and SSRF.
Penetration Testing and Code Auditing: Hands-on experience with penetration testing and auditing code for vulnerabilities using tools like Burp Suite, OWASP ZAP, or similar platforms.
Development Background: Solid experience in at least one programming language; deep understanding of web technologies like HTML, CSS, and APIs; ability to identify security flaws in code.
DevSecOps Integration: Experience working in a DevOps or CI/CD environment; familiar with tools like Jenkins, GitLab CI, or Azure DevOps for continuous integration and testing.
Communication Skills: Ability to explain complex security issues to technical and non-technical teams and to work closely with developers and stakeholders.
Problem-Solving and Analytical Thinking: Strong problem-solving skills; ability to prioritize risks and find innovative solutions to secure applications without impacting performance or usability.
Humor: A great sense of humor to foster a productive work environment.
Benefits:
Comprehensive medical, dental, and vision insurance plans with low co-pays and premiums.
Competitive vacation, sick leave, and 20 paid holidays per year.
Flexible work schedules and telecommuting options for work-life balance.
Opportunities for training, certification reimbursement, and career advancement programs for professional development.
Access to wellness programs, including gym memberships, health screenings, and mental health resources.
Life insurance and short-term/long-term disability coverage.
Employee Assistance Program (EAP) for confidential counseling and support services.
Tuition reimbursement for continuing education and professional development.
Opportunities to participate in community service and volunteer activities.
Employee recognition programs to celebrate achievements and milestones.