Application Security Engineer

Responsibilities:

• Partner with enterprise and solutions architects, software engineers, product owners, DBAs and QA engineers to ensure adequate security is in place throughout the SDLC.
• Collaborate with Agile teams throughout the software development lifecycle to integrate security requirements, perform risk assessments, and address security issues.
• Provide guidance and support to Agile teams on secure coding principles, security frameworks, and OWASP Top 10 vulnerabilities.
• Conduct threat modeling exercises with Agile teams to identify potential security threats and recommend appropriate mitigation strategies.
• Plan, coordinate, and execute security testing activities, including penetration testing, vulnerability scanning, and security assessments. (Experience with Dynamic Application Testing)
• Assist in incident response activities related to application security incidents and contribute to post-incident reviews to improve security measures.
• Promote security awareness within Agile teams by organizing workshops, training sessions, and providing timely security updates.
• Maintain accurate and up-to-date security documentation, including security guidelines, standards, and procedures, to ensure compliance with industry regulations.
• Continuously monitor and assess the security posture of applications, propose enhancements, and drive the implementation of security improvements.
• Identify and communicate potential security risks and vulnerabilities to the Information Security Application Security Team, helping in the formulation of risk management strategies.
• Foster a collaborative and productive working relationship with Agile teams, sharing knowledge and best practices to improve overall security awareness and practices.
• Evaluate and recommend security tools, solutions, and technologies that align with the organization's security goals.

Requirements:

• Fluent English
• 1+ years of experience in a software development role such as Software Developer, Architect, Software Quality Assurance, or Application Security Engineer with a good understanding of application security.
• Knowledge of web application (SaaS) design best practices and secure software development.
• Familiarity with relevant security standards, regulations, and frameworks (e.g., OWASP, NIST, ISO 27001).
• Experience with SOAP and REST APIs.
• 1+ years of experience completing application security testing engagements and reports.
• Solid knowledge of common web application security vulnerabilities, secure coding principles, and secure development frameworks.
• Demonstrated ability to work collaboratively within a team and across departments to achieve common security goals.
• Strong problem-solving skills and the ability to think critically under pressure.
• Self-motivated, proactive, and able to work independently with minimal supervision.

Preferred:

• Bachelor's degree in Computer Science, Information Security, or a related field. Relevant certifications (e.g., CISSP, CISM, CSSLP) are a plus.
• Experience with security testing tools and techniques (e.g., SAST, DAST, IAST) to identify and remediate security issues.
• Strong understanding of Agile software development methodologies and experience working closely with Agile development teams.
• Strong knowledge of .NET 4.0+ and Core, MVC 4/5, and Entity Framework.
• Excellent communication and interpersonal skills, with the ability to convey complex security concepts to technical and non-technical stakeholders.
• Knowledge of DevSecOps practices and experience with CI/CD pipelines is desirable.