Job Title: Senior Application Security Engineer
Why work here as a Senior Application Security Engineer?
- Our client is a trusted name around the globe in providing world-class financial accounting software.
- This company is committed to delivering streamlined, modern cloud-based platforms as a foundation for customers’ business needs.
- Laid-back environment with flexible hours, competitive benefits, and performance-based bonuses.
As a Senior Application Security Engineer, you will:
- Identify risks and areas of exposure in applications developed and/or used by the company
- Perform security reviews of source code, stored procedures, and server/service configurations
- Define and document application security requirements for all applications
- Supervise the development of security components in all phases of the SDLC
- Perform manual and automated security testing
- Monitor application logs and audit trails
- Review industry trends and the threat landscape, and propose necessary controls or course corrections
- Train developers on secure coding techniques and security best practices
- Participate in development of security policies, standards, and processes
- Assist with incidents and carry out application-related forensics activities
What Gets You the Job?
- 5+ years’ hands-on experience in an application security position
- Hands-on development experience and knowledge of object-oriented programming (Java, C#, ASP.NET are preferred)
- Knowledge of software development principles and SDLC models (experience with Agile is nice to have)
- Experience with web application technologies (e.g. MVC, Ajax, XML, JSON, SOA, SSL) and web-related protocols and services
- Highly skilled in C/C++ or Java (Assembly, debugging, and reverse-engineering tools, e.g. IDA, are nice to have)
- Proficiency in at least one scripting language (e.g. Perl, Python)
- Experience with web application testing tools such as Burp, Paros, Fiddler, mitmproxy, Havij, and netcat
- MS SQL knowledge and understanding of other database management systems
- Knowledge of cloud and big data storage, databases, and APIs
- Experience with defining application security requirements and building secure solutions
- Ability to identify security vulnerabilities from source code reviews and testing
- Knowledge of application vulnerabilities including XSS, CSRF, SQL injection, cookie/header/encoding manipulation, etc.
- Excellent communication skills (written and verbal) with technical and non-technical users
- Ability to collaborate well within a team environment
- Excellent prioritization and organizational skills