A Senior Engineer - Application Security is part of an enterprise team responsible for ensuring that Company produces and maintains secure applications. The team member influences secure design, performs code analysis, identifies vulnerabilities through hands-on penetration testing, assists developers in remediation efforts, and communicates findings to developers, QA teams, and management.
- Application Identification and Review – Supports the Application Development Security Lifecycle from design review through automated and hands-on testing.
- Secure Design – Works with development teams to establish security requirements early in the SDLC and contributes security subject matter expertise during the development of new projects and releases.
- Tools Management – Focuses on automation while implementing, maintaining and integrating cutting-edge technologies to assess an application’s security with static code analyzers (SAST), dynamic testing (DAST) tools, open source security scanners, and bug bounty programs.
- Developer Education – Keeps software engineers apprised of secure coding practices and builds strong rapport and respect with the ICE application development community via training sessions, one-on-one education, security cookbooks, and other opportunities.
Knowledge and Experience
- University degree in Computer Science, Engineering, MIS, CIS, or related discipline is required
- 5+ years of application security experience.
- Software engineering experience in Java, C++, .NET and/or related languages is preferred
- Experienced in deploying, configuring, and using SAST, DAST, and Open Source Security scanning tools in enterprise environments.
- Experience with one or more of these specific technologies: Checkmarx, BurpSuite, JFrog Xray, or SourceClear.
- Experience supporting Bug Bounty programs, including triage, validation, and re-testing findings.
- Experience designing solutions to secure sensitive data and secrets by applying cryptography, proper access control, and utilizing hardware security modules (HSM).
- Experience with Git version control systems, with some familiarity with Perforce, TFS, SVN, or CVS.
- Experience supporting CI/CD pipelines utilizing Jenkins, Artifactory, and similar toolsets.
- Familiarity working with or assessing authn/authz implementations, such as OAuth, SAML, OpenID, ADFS, SCIM, etc.
- Familiarity with IP networking and application-layer protocols (e.g., HTTP, REST, SOAP, SSH, DNS, SMTP, LDAP).