Application Security Engineer

We are seeking a highly motivated individual with a strong background in software development. The ideal candidate will have transitioned from a development role into security and have experience in threat modelling, application penetration testing, and vulnerability management.

 

You Will Have The Opportunity To: 

– Lead the effort to identify potential security risks to the organization’s applications and systems through the creation and maintenance of threat models.

– Perform security assessments of the organization’s applications and systems to identify vulnerabilities, assess their impact, and provide recommendations for mitigation and/or remediation.

– Collaborate with development teams to perform vulnerability assessments, prioritize vulnerabilities based on risk, and help mitigate the risk through the development of security best practices and the implementation of secure coding practices.

– Evaluate third-party code and/or libraries against known vulnerabilities.

– Perform source code reviews to identify potential security risks and provide recommendations for remediation.

– Implement and manage security testing tools (SAST/DAST) to continuously monitor the security posture of the applications.

– Drive the integration of security into the CI/CD pipeline, ensuring seamless integration of security measures into the overall software development process.

– Act as technical contributor to all things related to application security.

– Be available on-call 24×7 to respond to security incidents and provide support to the incident response team.

What You Will Bring

– Bachelor’s degree in Computer Science or a related field.

– Strong development experience with both front-end and back-end technologies.

– Demonstrated ability to perform Web Application and API penetration testing.

– Experience securing container and microservices technologies (Kubernetes).

– Experience with cloud platforms such as Google Cloud Platform (GCP) and Amazon Web Services (AWS).

– Experience with the ELK (Elasticsearch, Logstash, and Kibana) stack.

– In-depth understanding of DevSecOps principles and practices.

– Familiarity with the OWASP Application Security Verification Standard (ASVS) and the ability to implement and adhere to its guidelines.