Application Security Engineer
This job does not exist anymore.
Job Type: Temporary / Contract
Sector: IT & Telecoms
We are looking for an Application Security Engineer who can enable development teams to deliver secure-by-design applications by providing cybersecurity expertise and guidance throughout the system development life-cycle. As an Application Security Engineer, you will integrate tools and analyze the security of our clients' data, systems, and applications. This position will provide you with a challenging opportunity to learn and grow.
- Partner with Application Development, DevOps, Quality Engineering, Quality Assurance, and Infrastructure teams to support a continuous “Secure by Design” model integrated into the full Software Development Life-cycle.
- Discover opportunities to drive integration & automation of application & cloud security controls into CI/CD pipelines.
- Lead vulnerability management for application and AWS cloud security and provide remediation support and security expertise.
- Track and report security vulnerabilities and remediation activities to the client's Security department.
- Design threat models to assess security risks with new applications or features.
- Perform application security reviews, verify cloud security configuration, and assess for secure code development.
- Communicate technical application security concepts and recommendations to developers, architects, and functional leaders.
- Promote secure coding practices within the software development teams.
- Continually research and maintain awareness of current vulnerabilities, exploits, and application-related cyber threats.
- Provide support, maintenance, and policy creation for SAST, DAST, SCA, container security, and WAF solutions.
EXPERIENCE AND SKILLS NEEDED
- Minimum 5 years of direct experience in application security, software development security, and/or application penetration testing.
- Application or security certifications preferred (e.g., CISSP, CCSP, CSSLP, OSCP, GWEB, CEH).
- Experience working with fast-moving Agile development teams.
- Experience in cloud security, including AWS.
- Developing, integrating, and enabling security engineering test automation into a CI/CD pipeline.
- Experience with any of the following application security tools: SonarQube, OWASP Dependency-Track, OWASP Dependency-Check, PortSwigger Burp Suite.
- Experience with security in containerized infrastructure (Docker, Kubernetes, EKS).
- Hands-on experience with container security tools such as Anchore, Docker Bench, and kube-bench.
- Know and recognize application security issues such as cross-site scripting, cross-site request forgery, authorization, injection attacks, etc. in code and provide remediation recommendations.
- Subject matter expert in OWASP or SANS.
Start Date: ASAP
End Date: 12+ months