Senior Application Security Engineer - other related Employment listings - Riverside, RI at Geebo

Senior Application Security Engineer

Description

In this role, you will be responsible for participating in the coordination and presentation of application vulnerability reviews to development, risk, audit, and business teams. This role is technical and will require you to be proficient in the use of state-of-the-art application vulnerability scanning tools and will support critical efforts within the environment to improve the application security profile of the organization. You must possess a passion for finding and fixing application vulnerabilities and stay up to date with CWEs and CVEs in order to effectively convey risks to technical and non-technical audiences.

Responsibilities (but will not be limited to):

  • Hands-on use of automated tools and manual testing techniques to identify flaws, weaknesses, vulnerabilities and attack vectors in web applications (SAST, DAST, & IAST)
  • Automating application security solutions across the enterprise
  • Monitoring and responding to Open Source Software weaknesses and exposures
  • Review and coordinate changes to cyber security policies, procedures, and standards
  • Self-audit our application security program in an effort to instill continuous improvement
  • Guiding development teams in best practices across all stages of the SDLC process
  • Evangelizing and driving Application Security inside the company
  • Developing and updating security patterns aligned with security requirements
  • Create, produce and maintain metrics associated with the application security program

Qualifications

Required Skills and Experience:

  • 3 or more years of strong applicable security or development experience
  • Knowledge and understanding of the OWASP Top 10
  • Hands-on experience operating in Agile/DevSecOps-oriented environments
  • Experience implementing and supporting application security tools in automated build pipelines
  • Ability to present complex, technical information to a variety of audiences, both technical and non-technical, in written and/or oral formats
  • Demonstrable experience with application security testing techniques such as white/black box code analysis, fuzzing, penetration testing and code scanning
  • Experience with automated static (SAST) and dynamic (DAST) tools is a plus
  • Manual security testing and analysis of web applications, APIs, and mobile applications
  • Skilled in at least one major scripting or programming language (Python, PowerShell, JavaScript, Go, Java, C/C++)
  • Recall level of knowledge of SDLC principles
  • Threat modeling and/or participation in secure design or architecture reviews is a plus
  • Application development background is a plus

Preferred Education and Certifications:

  • Bachelor's degree
  • Security related certifications such as OSCP, OSWE, CSSLP, GWAPT, GWEB, CEH preferred

Hours & Work Schedule

Hours per Week: 40
Work Schedule: Monday through Friday

This position is not available in Colorado
Salary Range: $80K -- $100K

Minimum Qualification: IT Security

Estimated Salary: $20 to $28 per hour based on qualifications.
