Roles and Responsibilities:
• Run client SAST/DAST/SCA tools, review outputs and provide recommendations
• Implement integrations for tools into pipelines, ticketing systems, etc.
Experience Requirements:
• 2-3 years of experience working in Application Security
• Understanding of Integrated Development Environment (IDE) and Continuous Integration / Continuous Delivery (CI/CD) pipeline tools and processes (e.g. Azure DevOps, Jenkins, Bamboo)
• Strong working knowledge of Secure Development Lifecycles and experience remediating technical vulnerabilities identified by web application scanning tools, Information Systems architecture, security control design, and development experience
• Deep knowledge of manual testing tools such as Burp Suite Pro
• Knowledge of and experience with SAST/DAST/SCA Application Security tools such as: Burp Suite, Netsparker, Veracode, Checkmarx, WhiteSource, etc.
• Experience with the integration of tools into development pipelines
• Understanding of a broad range of Application Security issues as well as their mitigation strategies
• Understanding of Application Security related vulnerabilities
• Experience reviewing source code written in JavaScript, Python, Java, C++, PHP, or C# is a plus
• Written communication skills for interactions with clients
• Strong communication skills that include the ability to clearly articulate thoughts and distill complex problems into digestible pieces of information
• Personal drive and passion to not only continue growing yourself but also the Application Security Engineering practice
• Bachelor's degree in Computer Science or Information Security preferred
• Standard industry certifications are preferred