Sr. Application Security Engineer Job Description Template
Our company is looking for a Sr. Application Security Engineer to join our team.
Responsibilities:
- Provide detailed security review reports to developers and other stakeholders;
- Occasional travel required to other office locations;
- Keep up with development and security trends in the video game industry and in the technology sector in general;
- Develop new standards and processes for DevSecOps in a Continuous Integration / Continuous Delivery (CI/CD) environment;
- Guide secure coding practices and processes;
- Support the management, control and upgrade of selected SDLC tool suites;
- Evaluate and maintain SAST and DAST tools for automated scanning;
- Guide secure architecture and secure product designs (Threat Modeling);
- Support development teams and PSG in technical analysis of tool outputs;
- Lead secure web application delivery via industry-leading AppSec practices;
- Provide guidance on secure software development at all stages of the SDLC, including architecture and design reviews prior to the start of development;
- Lead the product teams through the Axway SDLC;
- Lead, perform, and guide Penetration Testing on internal products;
- Review software for vulnerabilities prior to shipping;
- Assist the other members of the security team during testing and purple team exercises.
Requirements:
- Passionate about a wide range of gaming and technology/digital trends;
- Excellent verbal, written, and interpersonal skills;
- Ability to multi-task and thrive on a small team in a fast-paced environment;
- Strong engineering skills with attention to detail;
- Experience with cloud computing and infrastructure (AWS, GCP, Azure, OpenStack, etc.);
- Experience shipping a software product;
- Knowledgeable in security aspects of Linux and Windows, TCP/IP and other internet protocols, and high- and low-level debugging;
- 10+ years of application security experience, or 10+ years of software engineering experience including some application security experience;
- In-depth knowledge of one or more of the following: Java, Python, JS/Node, PHP, C#;
- Experience in securing solutions in the cloud;
- Team player who can work with a wide variety of personalities across remote locations;
- Basic networking knowledge and experience;
- Thorough understanding of authentication/authorization principles;
- Knows the OWASP top 10 inside and out;
- Experience writing software in one or more of the following languages: Ruby, Golang, Python and Java.