Application Security Engineer

Job Title: Application Security Engineer

Overview:

Our client is on a mission, embracing DevSecOps culture, to provide efficient & secure deployment pipelines for their enterprise compliance solutions. They recognize direct security integration into the software delivery cycle is essential to prevent vulnerabilities, ability to quickly adapt to new compliance regulations, and safely enable on-demand deployments. They understand compliance checklists alone cannot protect their customers, vendors, and partners from malicious attacks and breaches.

They are looking for a passionate developer and pen tester to keep their customers and stakeholders safe. This is a technical role with hands-on engineering requirements. The ideal candidate is a great communicator who loves breaking and fixing applications.

Primary Duties and Responsibilities:

• Guide penetration testing engagements and create new testing methods and exploits.
• Research and report vulnerabilities in the product and infrastructure of the company.
• Monitor and constantly improve the security posture of the cloud environment.
• Automate security controls and reduce response and recovery times.
• Collaborate with development, quality assurance, operation and compliance teams to understand and resolve security issues.
• Monitor and handle security alerts and assist teams with investigations.
• Regularly attend standups, architecture discussions and design reviews for upcoming projects.

Key Skill Requirements:

• Understanding of product security principles and development lifecycle.
• Able to solve complex problems on a regular basis and comes with a strong security mindset.
• Knowledge of TCP/IP networks primarily focused on application layer protocols.
• Hands-on technical experience with Windows, Linux and Cloud technologies (AWS).
• Experience with web applications and backend services, including API design, access management, authorization, authentication, data protection and encryption.
• Experience with product security tools, dependency scanning, SAST, DAST and vulnerability management.
• Experience with security operations tools (SIEM, IDS, IPS, Firewall, etc.).
• Experience with embedded security in CI/CD implementations

Education and Experience:

• 2+ years security experience with appropriate education.

We are an equal opportunities employer and welcome applications from all qualified candidates.