Sr. Application Security Engineer Job Description Template

Our company is looking for a Sr. Application Security Engineer to join our team.

Responsibilities:

  • Provide detailed security review reports to developers and other stakeholders;
  • Occasional travel required to other office locations;
  • Keep up with development and security trends in the video game industry and in the technology sector in general;
  • Develop new standards and processes for DevSecOps in a Continuous Integration / Continuous Delivery (CI/CD) environment;
  • Guide secure coding practices and processes;
  • Support the management, control and upgrade of selected SDLC tool suites;
  • Evaluate and maintain SAST and DAST tools for automated scanning;
  • Guide secure architecture and secure product designs (Threat Modeling);
  • Support development teams and PSG in technical analysis of tool outputs;
  • Lead secure web applications delivery via industry leading AppSec practices;
  • Provide guidance on secure software development at all stages of the SDLC, including architecture and design reviews prior to the start of development;
  • Lead the product teams through the Axway SDLC;
  • Lead, perform, and guide Penetration Testing on internal products;
  • Review software for vulnerabilities prior to shipping;
  • Assist the other members of the security team during testing and purple team exercises.

Requirements:

  • Passionate about a wide range of gaming and technology/digital trends;
  • Excellent verbal, written, and interpersonal skills;
  • Ability to multi-task and thrive on a small team in a fast-paced environment;
  • Strong engineering skills with attention to detail;
  • Experience with cloud computing and infrastructure (AWS, GCP, Azure, OpenStack, etc.);
  • Experience shipping a software product;
  • Knowledgeable in security aspects of Linux and Windows, TCP/IP and other internet protocols, and high- and low-level debugging;
  • 10+ years application security experience; or 10+ years software engineering experience including some application security experience;
  • In-depth knowledge of one or more of the following: Java, Python, JS/Node, PHP, C#;
  • Experience in securing solutions in the cloud;
  • Team player who can work with a wide variety of personalities across remote locations;
  • Basic networking knowledge and experience;
  • Thorough understanding of authentication/authorization principles;
  • Knows the OWASP top 10 inside and out;
  • Experience writing software in one or more of the following languages: Ruby, Golang, Python and Java.