Application Security Engineer

Responsibilities

• Review code for security vulnerabilities and assist in remediation.
• Maintain accurate library dependency trees and correlate with CVE information.
• Support penetration testing efforts in the company, including coordinating customer-initiated penetration tests and remediation efforts.
• Provide primary support for private bug bounty or public bug bounty efforts and facilitate remediation with appropriate development teams. 
• Investigate claims of application security incidents.
• Provide vulnerability remediation efforts and lead the vulnerability management program for the security team.
• Identify end of support (EoS) and vulnerable libraries and code components which need to be prioritized for remediation and lead efforts of documenting and scoping necessary work.  
• Develop company-wide best practices for product and platform security.
• Research security enhancements and make recommendations to management.
• Stay up-to-date on application security trends and development standards.

Qualifications

• 4+ years combined in information technology/security with emphasis on application security.
• A BS/MS degree in a technical field such as information security or computer science can be considered as supplementary experience.
• Experience with scripting and development languages (e.g., JavaScript, Python, C++)
• Automation skills are required.
• Strong history in advising and executing red-teaming exercises and alerting the SOC for appropriate incident response.
• High degree of familiarity with web application security best practices and implementing secure enterprise web applications.
• Significant experience with SIEM and logging technologies.
• Knowledgeable with Threat Hunting practices.
• Experience with SDLC processes and creating code scanning automations and run books / play books.
• Experience with SAST scanning tools for code scanning and remediation processes.
• Experience with DAST scanning tools for application testing 
• Experience with hardening web services, load balancers and web application endpoints.
• Experience with Configuring WAF solutions and ensuring rules are aligned with the OWASP Top 10 recommendations.  
• Experience with AWS, GCP and Azure cloud infrastructure security.
• Working knowledge of security requirements for SOC 2 Type I & II, HIPAA, GDPR, CCPA and CJIS. 
• Strong project management experience.
• A strong curiosity, initiative, persistence, and willingness to experiment to provide solutions to diverse technical challenges.
• Strong team player and work ethic are essential.

Preferred Qualifications

• Significant experience with software engineering, incident response and security operations best practice.
• Significant experience with orchestration and observability tools.
• CCIE certification or equivalent experience. 
• CISSP certification or equivalent experience. 
• OSCP/GPEN/GXPN certification or equivalent experience.
• GSEC certification or equivalent experience.
• CISM certification or equivalent experience.