Senior Application Security Engineer

Employment Type

: Full-Time

Industry

: Defense/Security Clearance



Loading some great jobs for you...







Information Security within our organization is committed to making our organization, products, and services as secure as possible. Product (Application) Security plays an integral role in defining the security narrative for the Product and Engineering teams, ensuring security is embedded into existing and new services that we launch. Product Security engineers use a pragmatic, empathetic, and timely approach to provide actionable advice while also considering the challenges in delivering high-quality products and services. Our mission is to enable our organization to safely and securely launch new initiatives and services promptly.

As a Senior Product Security Engineer, you deeply understand the technology stack used with our organization; you aim to identify and eliminate security vulnerabilities proactively. Your focus is forward-facing, building tools and services that ensure the safety of our platform and its valued client data against commonly known attacks. You will lead within the Information Security team by scoping and delivering tooling and services while mentoring your teammates to ensure they are delivering in line with our team culture and practices.

The Product Security Team Works On The Following



  • Perform application threat modeling

  • Create the guiding application security documentation and advice to engineers

  • Coordinate and perform manual and automated code tests

  • Ownership and coordination of automation initiatives and projects

  • Ownership and coordination of the periodic application penetration tests and Bug Bounty program

  • Perform ad-hoc application and code security scans

  • Conduct analysis and share the root cause of common security issues within the code and how to avoid them

  • Act as the technical leader and mentor within Information Security as well as Product and Engineering teams



Requirements

We expect each Product Security Engineer to add a unique set of expertise that contributes to the essential skill of relating to software developers. As a senior member of the team, you are well-versed in the following domains:



  • 5+ years of relevant work experience on an internal security team, working either on the offensive or defensive sides of security

  • Demonstrate the ability to understand and discover attack surfaces, live and breath commonly known attacks such as Cross-Site Scripting, Remote Code Execution while navigating the source code comfortably

  • Demonstrate a firm understanding of cryptographic dos and don'ts

  • Have built and implemented security tooling and solutions in the product lifecycle, including security tooling for the Continuous Integration and Deployment pipeline

  • Familiarity and previous experience using Metasploit, Burp Suite, fuzzing, and Jenkins strongly preferred

  • Possess the restlessness ability and desire to break things

  • Demonstrate an understanding of application architectural patterns, such as MVC, microservices, event-driven architectures, etc.

- provided by Dice

Launch your career - Create your profile now!

Create your Profile

Loading some great jobs for you...