The Associate Application Security Engineer will be responsible for ensuring the security of our applications throughout the software development lifecycle. They will collaborate closely with cross-functional teams, including developers, system administrators, and quality assurance professionals, to identify and mitigate potential security risks, implement secure coding practices, and promote a culture of security awareness. This is a crucial role in protecting our organization's critical assets, data, and customer information from security threats and vulnerabilities.
Essential Requirements
- Conduct application security assessments and penetration testing to identify vulnerabilities, weaknesses and potential risks.
- Collaborate with development teams to integrate security controls and best practices into the software development lifecycle, including requirements gathering, design, coding, testing, and deployment.
- Perform secure code reviews to identify and remediate security flaws, such as input validation, authentication, and authorization issues.
- Develop and maintain secure coding standards and guidelines, providing guidance and support to developers to ensure compliance.
- Monitor and analyze application logs, security events, and alerts to detect and respond to security incidents in a timely manner.
- Stay up to date with the latest security threats, vulnerabilities, and industry best practices to proactively identify emerging risks and recommend appropriate mitigation strategies.
- Collaborate with cross-functional teams to conduct security risk assessments of applications, infrastructure, and third-party vendors.
- Participate in the design and implementation of secure application architectures, including threat modeling and security controls selection.
- Act as a subject matter expert in application security, providing guidance, training, and mentorship to development teams and other stakeholders.
- Contribute to the development and enhancement of security tools, processes, and frameworks to streamline security practices across the organization.
Desired Requirements
- Bachelor’s degree in Computer Science, Information Security, or a related field, or equivalent work experience.
- 0-1 years of direct security engineering experience in a progressive technology setting, using on-prem and cloud environments (MS Azure and AWS cloud service providers).
- Tenured understanding of application security concepts, including secure coding practices, authentication and authorization mechanisms, encryption, and vulnerability assessment.
- Hands-on experience with application security tools such as static code analysis (SAST), dynamic application security testing (DAST), and penetration testing frameworks.
- Strong knowledge of common web application security vulnerabilities (OWASP Top 10), attack vectors, and mitigation techniques.
- Familiarity with web application frameworks, languages, and technologies (e.g., Java, JavaScript, Python).
- Experience with cloud security concepts and practices, particularly in cloud-native environments (e.g., AWS, Azure, GCP).
- Proficiency in scripting or programming languages for automation and tooling (e.g., Python, Bash, PowerShell).
- Excellent analytical and problem-solving skills, with the ability to assess and communicate risks effectively.
- Professional certifications in application security (e.g., CSSLP, GWAPT, CISSP) are highly desirable.
- Administration of security tools such as Anti-DDoS WAF, SAST and DAST.
- Secure software development lifecycle (SSDLC) and DevSecOps practices.
Desired Behaviors
- Adaptability: Demonstrates flexibility and openness to change. Actively seeks and adopts improved approaches and processes.
- Proactive Action: Takes initiative and is driven by results. Takes ownership of actions and outcomes, meeting commitments and striving for high performance.
- Effective Workload Management: Makes timely decisions, prioritizes tasks effectively, solves problems, monitors results, and takes corrective action when necessary.
- Technical Proficiency: Possesses a solid understanding of their role and responsibilities, demonstrating competence in performing tasks and utilizing relevant technical skills.
- Continuous Learning: Takes personal responsibility for learning and development. Recognizes personal strengths and areas for improvement, actively seeks feedback, and embraces opportunities to learn.
- Effective Communication: Demonstrates strong facilitation and written communication skills. Clearly articulates ideas and proposals, actively listens to colleagues' perspectives, and values diverse viewpoints.
- Collaboration: Shares information, fosters teamwork, and contributes to a positive work environment. Actively collaborates with others and encourages a sense of unity and cooperation among team members.
- Ethical Conduct and Competence: Acts with integrity and intent, displaying ethical character in all actions. Takes accountability for one's own behavior and aligns actions with the company's values and principles.
- Good Citizenship: Represents the values and interests of Outseer. Acts as a positive ambassador for the company and contributes to the overall well-being and success of the organization.
Outseer is committed to the principle of equal employment opportunity for all employees and to providing employees with a work environment free of discrimination and harassment. All employment decisions at Outseer are based on business needs, job requirements and individual qualifications, without regard to race, color, religion or belief, national, social or ethnic origin, sex (including pregnancy), age, physical, mental or sensory disability, HIV status, sexual orientation, gender identity and/or expression, marital, civil union or domestic partnership status, past or present military service, family medical history or genetic information, family or parental status, or any other status protected by the laws or regulations in the locations where we operate. Outseer will not tolerate discrimination or harassment based on any of these characteristics. Outseer encourages applicants of all ages.