An established industry player is seeking a skilled professional to enhance their Vulnerability Management Program. In this role, you will leverage your expertise in Application Security, utilizing advanced scanning tools and frameworks to identify and mitigate vulnerabilities in software applications. Your analytical skills will be crucial in conducting thorough secure code reviews and manual testing, ensuring the integrity and security of applications. This is an exciting opportunity to work in a dynamic environment where your contributions will directly impact the security posture of the organization. If you are a motivated individual with a passion for security, this role is perfect for you.
We need a resource with 5-7 years of security experience who has worked within a Vulnerability Management Program and understands Application Security.
Responsibilities:
• Experience with any of the following commercial application scanning tools: Acunetix, IBM's AppScan, Client's WebInspect, NTOSpider, Cenzic's Hailstorm, Burp Suite Professional
• Understanding of Web Services technologies such as XML, SOAP, and AJAX
• Understanding of various web application frameworks such as ASP.NET, J2EE, Zend
• Web Server configuration knowledge: Microsoft IIS, Apache HTTP Server, Apache Tomcat
• Experience in application-level attacks, bypassing firewalls, evading intrusion detection
• Experience building automated tool sets or expanding existing toolset libraries
• Secure code review experience using automated toolsets
• Software Engineering career experience
• The following certifications: CISSP, CEH, GWAPT, GPEN, OSCP
• Thorough understanding of software vulnerabilities
• Knowledge of OWASP Top 10, SANS Top 25, CWE, WASC
• Ability to demonstrate understanding of vulnerability remediation
• Familiarity with malicious code identification and common hacker attack techniques
• Ability to research and reproduce vulnerability exploitation
• Understanding of advanced cryptographic concepts
• Ability to demonstrate manual testing experience including all of OWASP Top 10
Skills Required:
• Excellent problem solving and analytical skills
• Superior oral and technical writing communication skills
• Independent, self-managed, and motivated
• Knowledge of the Software Development Lifecycle in an enterprise environment
• Programming experience in two of the following languages: C#, Java, Python, Ruby
All your information will be kept confidential according to EEO guidelines.