Cyber Security Engineer

CYBER SECURITY ENGINEER ROLE

Job Title:AppSec Engineer

The AppSec Engineer is a specialized cybersecurity role focused on DevOps engineering principles. While the expectation of their sibling role – SAE – is to have practical working security knowledge, this role specializes in it. In a multi-product environment as we have here, there are common security concerns that cut across teams. This role will be responsible for building, integrating and maintaining the connective infrastructure that will help automate security processes throughout the various product team’s environments.

The person is expected to understand our product environments well – they won’t be doing feature work, but they will not be successful without understanding the overall

architecture, the current build environment, and the tooling and technical stack of the product teams. Additionally, the team this role is attached to will lead the triage process for cybersecurity vulnerabilities identified throughout the various product environments .

Qualification:

Education:

Discipline

Experience:

Job Responsibilities (Typical day in AppSec Engineer’s life):

• Read/learn/discuss latest trends/tools/best practices/updates of cyber security, application development, and cloud services industries.
• Perform custom impact and risk analysis of identified security vulnerabilities for each product team.
• Create mitigation plans with product teams to resolve security vulnerabilities.
• Build tooling to automate security into the product teams’ development, build, deployment, and operational processes.
• Actively contribute to story planning, identifying and providing expertise on work items that involve security considerations.

• Be On-Call for:
• Cyber security breaches
• High impact events (like a day zero effecting a team) or a breach
• Uptime disruptions caused by their contributions.

Skills Required (AppSec Engineer’s superpowers):

• Cloud Platform: AWS, Microsoft Azure
• Development Environments: VSCode, JetBrains, Eclipse
• Programming languages: Know at least a few languages well (Java, JavaScript/TypeScript, C++, C, Python, Powershell, unix shell, etc.)
• Infrastructure as Code: CloudFormation, CDK, Bicep, Terraform, Ansible, etc.
• SIEM/SOAR: Microsoft Sentinel, Splunk, Checkmarx
• OS: Linux, Windows
• Configuration Management tools: Git, GitHub, GitLab, Azure DevOps
• Vulnerability management tools: Nessus Pro, Tenable IO, FireEye, CrowdStrike, Defender, SpyCloud etc.

Competencies (Who AppSec Engineer is):

• Willingness to prioritize team success over individual recognition.
• Champions collaboration, knowledge sharing, and mentoring as foundational practices.
• Committed to improving DevSecOps processes through continuous learning and experimentation.
• Supports sustainable pace and actively addresses technical debt.
• Willing to work onsite one week per quarter.

Annual Goals (What AppSecEngineer will be measured on):

• Direct reduction of measured security vulnerabilities via tooling
• Cycle time to mitigate vulnerabilities, assigned -> closed
• When On-Call, 100% of response times under 15 minutes
• Leads annual threat modeling exercise for all products assigned