Application Security Engineer - Remote

EVOTEK is North America's premier enabler of secure digital business focused on innovation. With an integrated set of technical domains, including data center, network, security, cloud, and communications, EVOTEK provides a cohesive approach to digital initiatives while driving business impact. In addition to technical solutions, EVOTEK offers advisory services and strategic sourcing to help bridge the gap between IT and business, reducing functional silos and facilitating alignment. EVOTEK was named Inc. Magazine's "Best Places to Work" in 2018, 2020, and 2022. In addition, for seven consecutive years, EVOTEK was listed in The San Diego Business Journal's "Best Places to Work" and recognized in CRN's "Solution Provider 500" list, CRN's "Next-Generation 250" list, CRN's "Triple Crown" and highlighted as CRN's "Top 150 Growth Companies".

The Application Security Engineer ensures that company applications and services are secured and implemented with the best security practices. The main goal of AppSec Engineer is to protect applications from security attacks by developing, inserting, and testing security components that make the application more secure. The ideal candidate will support application security reviews, threat modeling, and perform application security vulnerability management.

• Perform secure program testing, review, and/or assessment to identify potential flaws in codes and mitigate vulnerabilities.
• Coordinate with product, engineering, and other departments to support secure outcomes, while building out the product security knowledge base.
• Perform risk analysis (e.g., threat, vulnerability, and probability of occurrence) whenever an application or system undergoes a major change.
• Exposure to various application security testing tools and common offerings for application security testing and analysis.
• Experience with Continuous Integration/Continuous Deployment (CI/CD) processes and concepts using relevant technologies and tools.
• Responsible for designing and evaluating application security in all phases of the application life cycle.
• Apply coding and testing standards, apply security testing tools and conduct code reviews.
• Determine and document software patches or the extent of releases that would leave software vulnerable.
• Ability to triage, reproduce, and recommend remediations for vulnerabilities.
• Translate security requirements into application design elements including documenting the elements of the software attack surfaces, conducting threat modeling, and defining any specific security criteria.
• Identify basic common coding flaws at an elevated level while consulting with engineering staff to evaluate interface between hardware and software.
• Develop threat model based on customer interviews and requirements and consult with customers about software system design and maintenance.
• Effectively communicate security threats to non-technical stakeholders.
• Apply secure code documentation while improving practices and maintenance.

Qualifications include:

• Understanding of different compliance frameworks and their implications in building secure software.
• Ability to identify solutions for common security problems while participating in a broader agile Application Security team.
• Effective understanding of security industry best practices such as protocols, cryptography, authentication, authorization, and secure application programming.
• Comprehensive understanding of software development lifecycle models as well as secure coding techniques.
• Proficiency in the use of application security testing tools (e.g., SAST, DAST, SCA, IAST, WAF).
• Strong written and verbal communication skills to both technical and non-technical personnel.
• A mix of relevant certifications in key areas would be helpful (but not required): CSSLP, CISSP, CASE.
• Salary commensurate with years’ of experience, technical expertise and geographic location.
• Salary range: $100,000 to $175,000.
• Performance bonuses.
• Benefits package that includes 100% paid medical, dental and vision for the employee.
• 401(k) with employer match.
• Strong company culture.
• Flexible PTO policy.
• Flexible working arrangements.
• Annual company overnight retreat (employee + significant other)

EVOTEK is North America's premier enabler of digital business with a focus on innovation.

Talentify is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or protected veteran status.

Talentify provides reasonable accommodations to qualified applicants with disabilities, including disabled veterans. Request assistance at accessibility@talentify.io or 407-000-0000.

Federal law requires every new hire to complete Form I-9 and present proof of identity and U.S. work eligibility.

An Automated Employment Decision Tool (AEDT) will score your job-related skills and responses. Bias-audit & data-use details: www.talentify.io/bias-audit-report . NYC applicants may request an alternative process or accommodation at aedt@talentify.io or 407-000-0000.