As an Application Security Engineer, you will perform application security testing on web applications, mobile applications, microservices, infrastructure code, and open source code to identify vulnerabilities and weaknesses. You will work closely with development teams, product managers, and other members of the information security team to assess risks and recommend remediation steps.

Requirements

  • 3-5 years of proven experience in application security testing, including Dynamic Application Security Testing (DAST), Static Application Security Testing (SAST), Open Source Security (OSS) testing, Software Composition Analysis (SCA), and Infrastructure as Code (IaC)
  • Bachelor’s Degree, ideally in a technically related field (Computer Science, Information Technology, Software Engineering), or equivalent work experience
  • Relevant certifications: EC-Council Certified Application Security Engineer (C|ASE), (ISC)2 Certified Secure Software Lifecycle Professional (CSSLP), GIAC Web Application Penetration Tester (GWAPT)
  • Experience testing web applications for OWASP Top Ten security vulnerabilities
  • A thorough understanding of the Software Development Life Cycle (SDLC)
  • Experience in promoting and implementing secure coding practices, and providing training and education to development teams on secure development practices

Benefits

  • Comprehensive medical, dental, and company-paid vision insurance
  • 401(k) retirement plan with employer match
  • Voluntary life and AD&D insurance options
  • Voluntary supplemental insurances for accident, critical illness, and legal services
  • Paid time off (PTO) and paid holidays
  • Employee assistance and wellness programs
  • Company-paid short-term disability coverage
  • Company contributions to health savings funds (with participation in the high deductible health plan)
  • Company-paid access to Galileo for virtual primary care and Rula for virtual mental health resources
  • Communication stipends
  • Referral bonuses