Application Security Engineer

The Application Security Engineer evaluates application security in all phases of the software development life cycle. Works closely with te...

The Application Security Engineer evaluates application security in all phases of the software development life cycle. Works closely with team members to define application security best practices, performs software security architecture and design reviews, and supports the identification, interpretation, and remediation of vulnerabilities across a variety of applications, programming languages, and platforms.

Job Responsibilities:

Supports the development of technical security safeguards to protect information systems from intentional (unauthorized) or accidental (inadvertent) access or destruction.
Serves as a liaison between development teams and stakeholders to understand and formulate security requirements for project/program.
Apply broad technical knowledge and skills to analyze, develop, create and implement process improvements, trouble shooting, and operational support.
Defines, maintains, and enforces application security best practices.
Conducts vulnerability assessment and manual/automated code reviews.
Explains and demonstrates vulnerabilities to application owners and provide recommendations for mitigation.
Documents security defects in defect management system
Identifies additional application security related tools, conducts tool analysis, and provided recommendations.

Minimum Qualifications:

Bachelor's Degree in Computer Science, Engineering, or other Engineering or Technical discipline or equivalent relevant experience.

Certifications/Licensures:

Desired Security+, CEH, GWAPT, GWEB, GSSP, CSSLP or SSP

Relevant Work Experience:

5-7 years of experience as an Application Developer, Penetration Tester, or equivalent.

Required Skills:

Working experience and knowledge of operating systems (e.g.: Windows, UNIX/Linux) and databases (Oracle, MySQL).
Experience in any of the web applications language (.Net, Java, Cold Fusion, PHP, Node.js, Ruby on Rails)
Experience in Security tools like Nessus, IBM AppScan, HP Fortify, CheckMarx etc.
Experience in software development using major programming languages, frameworks and open source libraries (e.g.: .NET, Java, Spring, Hibernate, JavaScript, Ruby, Python)
Experience in SDLC and software development methodologies such as Waterfall, Iterative, Agile or DevOps
Understanding of entire technology stack of networks, databases, applications and endpoints
Understanding of web service technologies such as XML, JSON, SOAP, and REST
Experience with web system security concepts, including authentication, authorization (RBAC), encryption/hashing, SAML, and LDAP.
Good knowledge of OWASP Top 10 such as cross-site scripting (XSS), sessions hijacking, SQL injection, CSRF (Cross-Site Request Forgery), and other attack vectors.
Knowledge or experience with security technologies, single-sign-on and identity management technologies.
Understanding of encryption, hashing, secure random number generation, key derivation, digital signatures, etc.
Knowledge of risk analysis standards (e.g. NIST 800-30, CVSS, AVSS)