Entrata

Senior Application Security Engineer

Pune, India Remote Hybrid
AWS PHP Node.js Python PowerShell
Description
As a Senior Application Security Engineer at Entrata, you will play a pivotal role in defining and implementing advanced security measures to protect our software applications and client data. The ideal candidate will bring extensive experience in Static and Dynamic Application Security Testing (SAST/DAST) methodologies and a track record of providing strategic leadership in application security.

Responsibilities will include:

  • SAST (Static Application Security Testing): Implement SAST tooling into our CI/CD pipeline to identify and prevent vulnerabilities in code before they reach our product.
  • DAST (Dynamic Application Security Testing): Perform manual and automated security assessments against our applications. Implement robust automated scanning tooling across our web and mobile applications.
  • Secure Coding Education: Develop secure code recommendations and guidelines for the organization to follow during the SDLC. Regularly educate the organization on these principles.
  • Threat Modeling: Drive the development and maintenance of comprehensive threat models for Entrata's applications. Regularly perform threat modeling for critical components.
  • Vulnerability Management: Lead and guide development teams in implementing effective remediation strategies for identified vulnerabilities.
  • Secure Architecture Recommendations: Provide strategic direction and oversight in integrating security measures into the software architecture. Review and provide security recommendations for key software architecture decisions.

Minimum Qualifications:

  • Bachelor’s or Master’s degree in Computer Science, Information Security, or a related field.
  • 6+ years of experience in a security-related field with a Master’s degree, or 8+ years with a Bachelor’s. At least 4 years of experience in an Application Security role.
  • Deep knowledge of web application frameworks and technologies.
  • Strong understanding of cloud security principles
  • Experience managing SAST tooling in a DevSecOps role
  • Experience pen testing web applications, and experience with automated DAST tooling
  • Strong interest in information security, particularly in software security
  • Strong understanding of computer science and software development lifecycles
  • Basic understanding of security frameworks and standards (e.g., ISO 27001, CIS AWS Foundations).
  • Excellent problem-solving skills and attention to detail.
  • Strong communication and interpersonal skills, with the ability to effectively communicate complex security concepts to technical and non-technical stakeholders
  • Proven ability to lead and collaborate in a team-oriented environment. Experience in mentoring and guiding junior team members.
  • Relevant certification, such as CompTIA Sec+

Preferred Qualifications:

  • Dedicated software engineering experience developing SaaS applications
  • Experience with cloud security tools and technologies
  • Familiarity with PHP and NodeJS
  • Familiarity with scripting and automation for security tasks (e.g., Python, PowerShell).
  • Understanding of threat detection and incident response processes.
  • Awareness of cloud compliance and audit procedures.
  • Familiarity with security tooling such as Wiz, Splunk, or other open source equivalents
  • Advanced certifications, such as CISSP, CCSP, CFI, CEH, OSCP, or others
Entrata
PaaS Property Management Real Estate SaaS Software