Job Title: Application Security Engineer
We are looking for an application security engineer capable of developing and testing the security aspects of our web services, mobile applications and embedded hardware.
Required: experience with software assessment, including hands-on penetration testing using open source and automated commercial tools; embedded development experience; and familiarity with the cloud ecosystem. Java 8-10 preferred. 5+ years’ experience with recent work in software security, IoT, and Cloud.
Duties and Responsibilities
- Conducting security assessments (SAST, DAST, automated and hands-on penetration network), architecture reviews, threat modeling of the application stack, including applications built on Cloud and emerging technologies
- Design and develop platform level solutions to promote security-related initiatives and improvements. Review source code for potential security issues, recommend and implement fixes.
- Write security test cases to check for vulnerabilities or broken/missing security controls
- Providing specific risk assessment and remediation guidelines for developers and business owners
- Helping manage and triage findings from security tools and static and dynamic scanners
- Conduct penetration testing against our applications, services, and environments, reporting underlying security issues, and proposing appropriate security controls. Collaborate with testing organizations to verify security features and fuzz for vulnerabilities.
- Research the latest security standard methodologies, trends, threats and vulnerabilities, and technology frameworks
- Document and disseminate security guidelines for common security issues, remediation guidance, and security baselines. Work with developers to provide security guidance and mentor them as necessary.
- Actively promote improving the security culture and education within the organization.
- Work with developers, testers, and deployment teams to create software deployment/hosting plans
- Improve firmware architecture and APIs to build security into the core.
- Deploy security mitigations suitable for use in an embedded environment and web services
Education: Bachelor’s degree in Computer Science / Engineering with an emphasis in security-related fields (or equivalent experience)
Experience: 5+ yrs
Skills: Demonstrates leading-edge knowledge of concepts and theories in their discipline.
- Certs like OSCP, OSCE, OSEE, etc.
- Advanced knowledge of full-stack and embedded software development, with advanced knowledge of Java SE 8, 9+ and Java EE 7
- Experience with security automation in a CI/CD pipeline
- Advanced knowledge of Code/Development Security
- Knowledge of API architecture, design, scalability, and security
- Experience architecting, designing, developing, and consuming web services
- Knowledge of designing and implementing secure internet-facing APIs
- Experience with relational and non-relational databases.
- Advanced knowledge of AWS or Google Cloud Platform (GCP)
- Experience with Containerization (Kubernetes, ECS)
- Strong understanding of disaster recovery planning and execution
- Excellent analytical and problem-solving skills
- Excellent communicator (written and verbal): ability to read, write, speak and understand English
- Ability to focus on deadlines and deliverables
- Self-starter, self-motivated, driven individual