Application Security Engineer

Role & responsibilities

Major Responsibilities/Activities:

• Understand and be comfortable explaining OWASP Top 10 Application Security Principles
  

• Conducting initial triage assessments of findings from security systems
  

• Explain in detail common attack vectors such as buffer overflows, SQL injection, CSRF, XSS, to both software developers and management
  

• Conduct Threat Modeling and work with Software Product R&D teams to improve the Secure SDLC processes.
  

• Security consultancy and advice to software development teams
  

• Providing teams with functional security requirements
  

• Security design reviewsand assessments, with and without source code access
  

• Conduct comprehensive penetration testing of our web applications, infrastructure, and networks to identify potential vulnerabilities and provide retesting support
  

• Work closely with business teams to promote secure code development by providing security requirements throughout the development process
  

• Travel required: None
  

Preferred candidate profile

• Bachelor's degree in computer science, cybersecurity or equivalent experience in software development, penetration testing, or QA testing.
  

• Knowledge of OWASP Top 10, CVSS, CWE, SANS-25.
  

• Hands on experience with common penetration testing tools such as Kali Linux, Metasploit, Burp Suite, Wireshark, Nessus, etc.
  

• Knowledge of web applications, network protocols, and infrastructure architectures.
  

• Strong analytical, problem-solving skills and communication skills.
  

What we would like to see

• Experience working with Static Analysis and/or Dynamic Analysis tooling and results (Checkmarx, Veracode, Fortify on Demand, etc).
  

• Experience working with C#, .NET, Java, JavaScript, and/or Python.
  

• Experience creating and reviewing Threat Models.
  

• An accepted submission to a vulnerability disclosure program.
  

• Hold an entry level industry-recognized certification in penetration testing (CompTIA Pentest+, EC-Council Certified Ethical Hacker, etc) and/or software security (GAQM Certified Software Security Tester, SecOps Group Certified AppSec Practitioner, etc).