Application Security Engineer Job Description

Application Security Engineer Job Description Template

Our company is looking for an Application Security Engineer to join our team.

Responsibilities:

  • Perform proof-of-concept and proof-of-technology testing for integrating new 3rd party security products into the development and deployment processes;
  • Consult with development teams on remediation techniques and defensive coding;
  • Develop new security tools;
  • Other duties and responsibilities as assigned;
  • Conduct monthly vulnerability code scans;
  • Lead Security Training of developer teams (using OWASP Top Ten or equivalent framework);
  • Support incident response processes during security-related incidents;
  • Evaluate new technologies, tools, and/or development techniques that impact security;
  • Review existing solutions and assist in making refinements that improve security;
  • Review, analyze, and evaluate both internally developed software and vendor products and procedures to address security requirements and concerns;
  • Perform Security Operations including vulnerability management, data loss/leakage prevention, and incident response;
  • Work with DevOps engineers to integrate static and dynamic analysis security tools into CI/CD pipelines;
  • Install, configure, and use tools such as Fortify and HP Scan to perform white box security assessments;
  • Develop application security and product best practices to standardize security practices.

Requirements:

  • Bachelor’s Degree in Computer Science or related field – equivalent work experience will be considered;
  • Experience with retail, financial, and/or hospitality software, particularly the types of vulnerabilities and security testing associated with them;
  • Solid experience with establishing software dev policies across an organization;
  • Understanding of application architectural patterns, such as MVC, microservices, event-driven, etc.;
  • Proficient in at least one of the following languages: Java, .NET, Node.js, or Python;
  • Understanding and passion for Agile/XP/Scrum/Kanban;
  • Solid Container DevOps experience;
  • Experience with privacy requirements of a global corporation (e.g. GDPR, CCPA);
  • You thrive on a high level of autonomy and responsibility;
  • Well versed in web application design, penetration testing, application risk assessment and risk categorization;
  • Experience implementing DevSecOps for a large program using an Agile, preferably SAFe, development methodology;
  • Super bonus points for experience with iOS or Android security;
  • Penchant for approaching each problem with a secure by design mindset;
  • Extensive understanding of common security vulnerabilities such as the OWASP Top Ten: SQLi, XSS, and CSRF;
  • Understanding that security is an iterative process that should enable business goals rather than a binary state that hampers them.