Senior Application Security Engineer Job Description

Senior Application Security Engineer Job Description Template

Our company is looking for a Senior Application Security Engineer to join our team.

Responsibilities:

  • Work as part of a team of software and security engineers to design, maintain, and build best-in-class product security tools and services;
  • Build tools and automation scripts that enable developers to easily consume security services delivered by the Security Engineering and Automation team;
  • Improve the accessibility of security through automation, continuous integration pipelines, and other means;
  • Identify and assess security risks, model threats, and develop mitigation plans;
  • Focus on application security that observes compliance with all applicable regulatory and governance frameworks;
  • Build mitigations and remediations for security vulnerabilities with your fellow engineers;
  • Perform application security software and configuration reviews spanning a wide range of digital technologies (web, mobile, embedded);
  • Respond to and handle service and escalation tickets within SLA expectations;
  • Focus on integration and automation of services to drive efficiency of testing and remediation of findings;
  • Perform cloud infrastructure reviews to ensure we build in a safe-by-default manner, minimizing access risks;
  • Align with architects and development teams for a mission of secure design;
  • Architect, evaluate, build, and support security-focused tools and services;
  • Contribute code that improves security throughout VTS’ products;
  • Recommend new security products and technologies;
  • Promote security within VTS.

Requirements:

  • Ability to readily learn new technologies on the go;
  • Relevant certifications from SANS, (ISC)² and associated technology partners;
  • Vulnerability and penetration testing skills;
  • Highly effective communicator; well-honed influencing and negotiating skills;
  • Deep knowledge and experience in using SAST, DAST and fuzz testing tools;
  • Bachelor's degree in Computer Science or a related field and 2-4 years of software development experience;
  • Experience in development of applications through automated deployment and orchestration services, such as GitLab, Jenkins, Ansible or Kubernetes;
  • Proficiency in software development or scripting (Java, Python, JavaScript, PowerShell, Bash, etc.);
  • Solid understanding of network and web protocols;
  • Well versed in web application design, penetration testing, application risk assessment and risk categorization;
  • Knowledge of the OWASP Testing Framework and OWASP Top 10;
  • Excellent communication, presentation, and leadership skills;
  • Able to multi-task and work independently with minimum supervision to meet firm deadlines;
  • Knowledge of current application architectures (Single Page Application (SPA), 3-tier).