Senior Application Security Engineer Job Description Template
Our company is looking for a Senior Application Security Engineer to join our team.
Responsibilities:
- Work as part of a team of software and security engineers to design, build, and maintain best-in-class product security tools and services;
- Build tools and automation scripts that enable developers to easily consume security services delivered by the Security Engineering and Automation team;
- Improve the accessibility of security through automation, continuous integration pipelines, and other means;
- Identify and assess security risks, model threats, and develop mitigation plans;
- Focus on application security that observes compliance with all applicable regulatory and governance frameworks;
- Build mitigations and remediations for security vulnerabilities with your fellow engineers;
- Perform application security software and configuration reviews spanning a wide range of digital technologies (web, mobile, embedded);
- Respond to and handle service and escalation tickets within SLA expectations;
- Focus on integration and automation of services to drive efficiency of testing and remediation of findings;
- Perform cloud infrastructure reviews to ensure we build in a safe-by-default manner, minimizing access risks;
- Align with architects and development teams for a mission of secure design;
- Architect, evaluate, build, and support security-focused tools and services;
- Contribute code that improves security throughout VTS’ products;
- Recommend new security products and technologies;
- Promote security within VTS.
Requirements:
- Ability to readily learn new technologies on the go;
- Relevant certifications from SANS, ISC(2) and associated technology partners;
- Vulnerability and penetration testing skills;
- Highly effective communicator; well-honed influencing and negotiating skills;
- Deep knowledge and experience in using SAST, DAST and fuzz testing tools;
- You have a Bachelor's degree in Computer Science or a related field and 2-4 years of software development experience;
- Experience in development of applications through automated deployment and orchestration services, such as GitLab, Jenkins, Ansible or Kubernetes;
- Proficiency in software development or scripting (Java, Python, JavaScript, PowerShell, Bash, etc.);
- Solid understanding of network and web protocols;
- Well versed in web application design, penetration testing, application risk assessment and risk categorization;
- Knowledge of the OWASP Testing Framework and OWASP Top 10;
- Excellent communication, presentation, and leadership skills;
- Able to multi-task and work independently with minimum supervision to meet firm deadlines;
- Knowledgeable about current application architectures (Single Page Application (SPA), 3-tier).