Junior Application Security Engineer

Pampered Chef | Addison, IL
19h | $55,000 | Hybrid

About The Position

The Junior Application Security Engineer plays a critical role in completing our mission every day by ensuring that Pampered Chef maintains and deploys new software/systems in a secure manner to reduce information security risks. The Junior Application Security Engineer acts as the evangelist for cybersecurity throughout Information Technology, consulting with the application development and infrastructure teams on secure systems and applications design.

What You'll Do

  • Secure Development – Build strong relationships across product management and software engineering teams. Drive adoption of secure software development lifecycle practices across the areas of secure architecture and design, secure coding, security testing, and secure software release management.
  • Vulnerability Management – Analyze scan results, prioritize findings, and collaborate with software engineering teams to remediate security flaws.
  • Penetration Testing – Knowledge of network and web application exploitation, ethical hacking, penetration testing, computer forensics and tool development.
  • Infrastructure Security – Works closely with the Infrastructure and Application Development teams to ensure proper configurations are implemented and tested on WAF, FW, IDS/IPS and platform
  • Incident & Cyber Threat Management – Works with the appropriate teams to ensure all appropriate data is aggregated into the logging and monitoring tool and that the appropriate reports are produced and reviewed.
  • Security Review – Be a liaison to perform security reviews for architecture changes across the technology stacks. Identify risks and collaborate with stakeholders to remediate risks to meet the requirements set in place by the security team.
  • Incident Response – Perform investigative tasks in response to alerts. Look for indicators of compromise, preserve data and collaborate with members of the security team throughout the incident response process.

What Success Looks Like

  • Delivery on information security roadmap and projects
  • Number of vulnerabilities and issues validated and remediated
  • Operating and maturing a secure SDLC program

Requirements

  • Bachelor's in Computer Science or Information Security
  • 1 to 3 years of experience in technology and development, with a specialty in security in a complex environment, focusing on protecting intellectual property and sensitive data.
  • Direct experience with at least one CI/CD platform
  • Direct experience with application testing (e.g., SAST, DAST, IAST)
  • Direct experience in application vulnerability management processes
  • Working knowledge of current software development methodologies
  • Working knowledge of OWASP Top 10 and CWE 25
  • Working knowledge of programming languages and scripting
  • Working knowledge of software design lifecycle
  • Working knowledge of web and app security stack (e.g., API security)
  • Working knowledge of cloud security concepts and technologies
  • Working knowledge of authentication and authorization flows in web applications
  • Penetration Testing (Network layer, application layer)
  • Basic understanding of threat modeling
  • Basic understanding of network security (e.g., WAF, micro-segmentation).
  • Demonstrate the ability to articulate complex technical scenarios to a non-technical audience clearly

Responsibilities

  • Secure Development – Build strong relationships across product management and software engineering teams.
  • Drive adoption of secure software development lifecycle practices across the areas of secure architecture and design, secure coding, security testing, and secure software release management.
  • Vulnerability Management – Analyze scan results, prioritize findings, and collaborate with software engineering teams to remediate security flaws.
  • Penetration Testing – Knowledge of network and web application exploitation, ethical hacking, penetration testing, computer forensics and tool development.
  • Infrastructure Security – Works closely with the Infrastructure and Application Development teams to ensure proper configurations are implemented and tested on WAF, FW, IDS/IPS and platform
  • Incident & Cyber Threat Management – Works with the appropriate teams to ensure all appropriate data is aggregated into the logging and monitoring tool and that the appropriate reports are produced and reviewed.
  • Security Review – Be a liaison to perform security reviews for architecture changes across the technology stacks.
  • Identify risks and collaborate with stakeholders to remediate risks to meet the requirements set in place by the security team.
  • Incident Response – Perform investigative tasks in response to alerts.
  • Look for indicators of compromise, preserve data and collaborate with members of the security team throughout the incident response process.

Benefits

  • Medical, dental, and vision insurance
  • Company-paid life insurance with additional voluntary coverage options
  • Disability insurance
  • Additional voluntary benefits
  • 401k match
  • Flex PTO
  • Paid Parental Leave
  • 30%+ discount on Pampered Chef Products and product giveaways