Application Security Engineer

About The Position

Requirements

• US Citizen.
• 5+ years of experience in Information Technology
• Bachelor's degree in computer science or related quantitative field
• Experience with web-based architectures and applications
• Familiarity with industry standards for application security
• Familiarity with common application security testing techniques (DAST, SCA, SAST, IAST) and vulnerability management tooling
• Equivalent combination of related education, training and experience may be considered in place of the above qualifications.
• You’re curious, passionate, authentic and accountable.

Nice To Haves

• Continuous Improvement: Originating action to improve existing conditions and processes; identifying improvement opportunities, generating ideas, and implementing solutions.
• Decision Making: Identifying and understanding problems and opportunities by gathering, analyzing, and interpreting quantitative and qualitative information; choosing the best course of action by establishing clear decision criteria, generating and evaluating alternatives, and making timely decisions; taking action that is consistent with available facts and constraints and optimizes probable consequences.
• Influencing: Using effective involvement and persuasion strategies to gain acceptance of ideas and commitment to actions that support specific work outcomes.
• Familiarity with DevSecOps
• Familiarity with API Security best practices
• Experience with container and Kubernetes security
• Experience with Azure or other commercial clouds
• Familiarity with various programming languages to assist with peer review (Java, Python, Golang)
• Relevant security certifications such as CISSP, CSSLP, GPEN, GWAPT, OSCP
• Familiarity with industry standard authentication and authorization (OAuth, Okta, Microsoft Entra)

Responsibilities

• Provide Subject Matter Communication: Coordinate with the Secure Design team to ensure new environments/applications align with expected compliance levels.
• Provide guidance to development teams on security design, threat modeling, and resolution of security vulnerabilities
• Advise on potential compensating and mitigating controls to reduce risk
• Triage security findings received through a public bug bounty program, communicating with both the developers and independent security researchers
• Perform Security Assessments & Assist in Remediation: Perform application security assessments and web application security assessments on both internal and external web applications and web services
• Interpret and triage results from web application assessments
• Assess Azure and AWS cloud offerings to ensure usage aligns with security best practices
• Assess applications for potential migration from on-prem to cloud
• Build Security Standards & Integrations for Engineers: Help research and define security benchmarks, guidelines, and processes

Benefits

• Comprehensive medical, prescription, dental and vision plans.
• Medical plan options include: PPO with low annual deductible and copays.
• HDHP combined with a health savings account with a contribution from SAS (no access to on-site health care center).
• Onsite Health Care Center (HQ) that’s free to employees and family members enrolled in the PPO plan.
• There's a pharmacy too! Not local to HQ? The pharmacy will ship prescriptions for no additional charge!
• An industry-leading 401k plan.
• Tuition Assistance Program and programs and resources to support your development
• Generous time away including vacation time, a variety of paid holidays, and our much-loved U.S. Winter Wellness Break between December 25 and January 1.
• Volunteer Time Off, parental leave and unlimited paid sick days.
• Generous childcare benefits for all full-time employees.