Associate Application Security Engineer 2

The role of an Application (software) Security Engineer is an entry-level, hands-on, engineering-focused position with the responsibility of fostering a Secure SDLC and secure by design approach and practice across all software engineering teams. You must possess a good combination of problem-solving and communication skills to effectively support the Application Security, InfoSec, and Software engineering teams. Your main responsibilities will include configuring and fine-tuning Application Security tests and vulnerability scans, integrating security testing into CI/CD pipelines, and collaborating with Senior Application Security engineers on Penetration tests set up and validation. Additionally, you will be expected to document and update processes and procedures, conduct research and consultations with colleagues, deliver secure software development training such as OWASP Top10, and collaborate with Security Analysts on software vulnerabilities and security issues. This will involve determining scope, severity, and potential impact of security issues, recommending next steps, and following through with risk treatment and mitigation. You will also be required to appropriately escalate issues to various teams and levels of authority within the organization. To qualify for this role, you must have a Bachelor's degree in a relevant business or technical discipline, along with a minimum of 3 years of relevant work experience. Demonstrated knowledge of application security concepts, best practices, and methods is essential, as well as experience with various application security tools including SAST, SCA, and DAST. Experience with Web Application security testing like Web Pentesting, Fuzzing, and Automated tests is also required. Ideally, you will also have experience securing cloud infrastructure and cloud applications, working knowledge of various architectures and design patterns, ability to code in at least one programming language (such as python, javascript, or go), familiarity with AWS native security tools, and knowledge of current and emerging security technologies and threats. Experience with threat analysis methodologies and tools, developer tools, project management, bug tracking systems, and integrating security tools into CI/CD pipelines would be considered advantageous for this role. This is a challenging yet rewarding opportunity for an individual with a passion for application security and a drive to contribute to the implementation of secure software practices within a dynamic organization.,