Application Security Engineer Job Description Template
Our company is looking for an Application Security Engineer to join our team.
Responsibilities:
- Perform proof-of-concept and proof-of-technology testing for integrating new 3rd party security products into the development and deployment processes;
- Consult with development teams on remediation techniques and defensive coding;
- Develop new security tools;
- Other duties and responsibilities as assigned;
- Conduct monthly vulnerability code scans;
- Lead Security Training of developer teams (using OWASP Top Ten or equivalent framework);
- Support incident response processes during security-related incidents;
- Evaluate new technologies, tools, and/or development techniques that impact security;
- Review existing solutions and assist in making refinements that improve security;
- Review, analyze, and evaluate both internally developed software and vendor products and procedures to address security requirements and concerns;
- Perform Security Operations including vulnerability management, data loss/leakage prevention, and incident response;
- Work with DevOps engineers to integrate static and dynamic analysis security tools into CI/CD pipelines;
- Install, configure, and use tools such as Fortify and HP Scan to perform white-box security assessments;
- Develop application security and product best practices to standardize security practices.
Requirements:
- Bachelor’s Degree in Computer Science or related field – equivalent work experience will be considered;
- Experience with retail, financial, and/or hospitality software, particularly the types of vulnerabilities and security testing associated with them;
- Solid experience with establishing software dev policies across an organization;
- Understand application architectural patterns, such as MVC, Microservices, Event-driven etc;
- Proficient in at least one of the following languages: Java, .NET, Node.js, or Python;
- Understanding and passion for Agile/XP/Scrum/Kanban;
- Solid Container DevOps experience;
- Experience with privacy requirements of a global corporation (e.g. GDPR, CCPA);
- You thrive on a high level of autonomy and responsibility;
- Well versed in web application design, penetration testing, application risk assessment and risk categorization;
- Experience implementing DevSecOps for large programs using an Agile development methodology, preferably SAFe;
- Super bonus points for experience with iOS or Android security;
- Penchant for approaching each problem with a secure by design mindset;
- Extensive understanding of common security vulnerabilities such as the OWASP Top Ten: SQLi, XSS, and CSRF;
- Understanding that security is an iterative process that should enable business goals rather than a binary state that hampers them.