Senior Application Security Engineer
As a senior application security engineer, you will play a key role in developing and designing application-level security controls and standards. This is an opportunity to work in a fast-paced environment where code changes rapidly and security testing is integrated into a continuous deployment/continuous integration flow.
Key Responsibilities:
* Develop and design application-level security controls and standards.
* Perform application security design reviews against new products and services.
* Track and prioritize all security issues.
* Build internal security tools that help fix security problems at scale.
* Perform code review and drive remediation of discovered issues.
* Enable automated security testing at scale to measure vulnerability, and report on risk across all microservice, web, and mobile platforms.
* Execute security tests on thousands of servers distributed across on-premise and public cloud data centers.
Requirements:
* Strong foundations in software engineering.
* Minimum 7 years of technical experience with any combination of: threat modeling, secure coding, identity management and authentication, software development, cryptography, system administration and network security.
* Minimum 2 years experience with Software Development Life Cycle in one or more languages (Rust, Python, Go, Node.js, etc.).
* Minimum 1 year experience with public/private cloud environments (OpenShift, Rancher, Kubernetes, AWS, GCP, Azure, etc.).
* Experience in running assessments using OWASP MASVS and ASVS.
* Working knowledge of exploiting and fixing application vulnerabilities.
* Strong background in threat modeling.
* In-depth knowledge of common web application vulnerabilities (e.g., OWASP Top 10).
* Familiarity with automated dynamic scanners, fuzzers, and proxy tools.
* Analytical problem-solving mindset, offensive security tactics, and strong communication skills to convey technical concepts to diverse audiences.
By joining this team, you will have the opportunity to make a significant impact on the company's security posture and contribute to the development of innovative security solutions.