Senior Application Security Engineer

Overview

We are seeking our new Senior Application Security Engineer to join the Axway team! The Software Security Engineer is a member of the Software Security Group (SSG) in the R&D Department, a global group that focuses on supporting the delivery of secure products and services in cloud native and on-premises applications that serve numerous industries worldwide.

The Software Security Engineer provides support to Axway in the application of the Secure Software Development Lifecyle (SSDLC) for Axway products and services.  This position will have primary responsibility for driving and continuously improving the SSDLC program, which includes performing security reviews, vulnerability assessments and guidance on the remediation/mitigation of security findings. This may also include designing and supporting security controls, optimizing our use of security testing suites, providing training in secure coding, and evangelizing security best practices within Axway.  

Axway utilizes a structured approach for reviewing and validating the security of Axway products with a mix of the following tools and processes: threat modeling, static source code analysis, dynamic analysis, attack surface analysis, software composition analysis, software vulnerability monitoring & management, manual penetration testing, third party penetration testing management, developer training in secure coding practices, and development/management of Axway security frameworks.

Responsibilities

• Understanding of software security threats, mitigating controls, as well as their applicability to cloud and on-premises environments

• Ability to learn new products and technical concepts quickly

• Successfully manage time and technical responsibilities, set accurate expectations, and meet deliverable deadlines while working in a team environment

• Strong communication skills and ability to understand challenges and problems facing engineering teams

• Guide developers on the implementation of the Axway SSDLC program which includes secure coding practices and processes, as well as secure architecture and secure software designs (Threat Modeling)

• Support teams in applying security within the CI/CD/CD process (DevSecOps)

• Support customers, developers and SSG in technical analysis of tool outputs

• Support the management, control and upgrade of selected SSDLC tool suites

Qualifications

• Bachelor’s degree in Computer Science, Information Technology or related field/equivalent experience

• 1-2 years of supporting an SSDLC program or similar secure software activities

• 4+ years relevant information technology or development experience

• Hands-on experience in some of the following areas: threat modeling, dynamic and static analysis, attack surface analysis, software composition analysis, penetration testing, vulnerability remediation techniques, HTTP, XML, REST, C/C++, Java, Web Servers (Apache/IIS), Scripting languages (JavaScript, Python, node.js, etc.)

• Experience using productivity and communication suite tools to create documents, presentations, and detailed drawings.
• Experience in using ticketing and content management tools

• Technical writing, documentation, and communication skills are required

Helpful Skills to Support the Responsibilities

• Experience in Secure Code Analysis

• Strong technical understanding and aptitude for analytical problem-solving

• Understanding of CVSS, CWE, OWASP, ASVS and SANS top 25

• Knowledge of penetration testing methodologies or experience performing software/application penetration testing

• Working knowledge of Crypto technologies and practices (PKI, Crypto libraries, TLS/SSL etc.)

• Authentication and Authorization mechanics and protocols

• Experience with Infrastructure as Code

• Understanding of the system hardening processes, tools, guidelines and benchmarks.

• Understanding of enterprise computing environments, distributed applications, and an understanding of TCP/IP networks

• Comfortable working on both Linux-based and MS Windows-based system platforms

• Understanding and experience in IH/IR

• Secure system configuration and deployment of infrastructure

Company Overview

At Axway, we’re more than a company—we’re a pioneer. For 25 years, we’ve been empowering organizations to achieve digital transformation and unlock innovation. With a presence in 100 countries, 11,000+ customers, and a global team of over 1,400+ passionate professionals, Axway is driving the future of enterprise integration.

We’re on a mission to be the leader in our space, empowering our customers with secure, mission-critical software to manage and deliver impactful business outcomes from all their digital business interactions.

Why Axway?

We believe in the power of togetherness. When you’re part of Axway, you’re part of a culturally rich and globally connected community that thrives on exchanging ideas and tackling challenges head-on. Whether working remotely or onsite, you’ll find camaraderie, collaboration, and the support of leadership to inspire you daily.

Here, you’ll grow, innovate, and succeed because we’re better together. Each step forward in your personal journey is one we take as a team. Join us, and let’s accomplish extraordinary things together.

Axway is a proud member of 74Software. Learn more about how Axway is transforming the future: https://www.axway.com/en.

Ready to shape the future? Let’s get started—because at Axway, together, we can. Together, we will.

Axway is an AA and EEO employer