Application Security Engineer

Roles and Responsibilities: • Run client SAST/DAST/SCA tools, review outputs and provide recommendations • Implement integrations for tools into pipelines, ticketing systems, etc.

 

Experience Requirements: • 2-3 years experience working in Application Security • Understanding of Integrated Development Environment (IDE) and Continuous integration / Continuous Delivery (CI/CD) Pipeline tools and processes (e.g. Azuer Dev Ops, Jenkins, Bamboo, etc.) • Strong working knowledge of Secure Development Lifecycles and experience remediating technical vulnerabilities identified by web application scanning tools, Information Systems architecture, security control design, and development experience

• Deep knowledge of manual testing tools such as Burp Suite Pro • Knowledge of and experience with SAST/DAST/SCA Application Security tools. Invicti (DAST) or Checkmarx (SAST/SCA) experience highly preferred • Experience with the integration of tools into development pipelines • Understanding of a broad range of Application Security issues as well as their mitigation strategies • Understanding of Application Security related vulnerabilities • Experience with reviewing source code written in JavaScript, Python, Java, C++, PHP, or C# a plus • Written communication skills for written interactions with clients • Strong communication skills that include the ability to clearly articulate thoughts and distill complex problems into digestible pieces of information • Personal drive and passion to not only continue growing yourself but also the Application Security Engineering practice • Bachelor's degree in Computer Science or Information Security preferred • Standard industry certifications are preferred