Application Security Engineer (Remote in the U.S.)
Role and responsibilities:
Run client SAST, DAST, and SCA tools, review outputs and provide recommendations
Implement integrations for tools into pipelines, ticketing systems, etc.
Collaborate with developers to provide secure design guidance and remediation strategies
Familiarity with CI/CD systems (i.e. GitHub) and integrating software security tools into the development workflow
Strong understanding of web application security principles and best practices
Manage, maintain and operate application security tooling, including configuration, tuning, and automation
Requirements:
3+ years of experience in an Application Security focused position. Prior experience in a software development role preferred.
Experience with multiple SAST/DAST/SCA Application Security tools (Checkmarx, Veracode, Synk, Invicti, Semgrep, Blackduck, etc.)
Manual testing tools such as Burp Suite Pro
Experience with the integration of tools into development pipelines
Experience understanding and mitigating Application Security related vulnerabilities
Experience with reviewing source code written in JavaScript, Python, Java, C++, PHP, or C#
Integrated Development Environment (IDE) and Continuous integration / Continuous Delivery (CI/CD) Pipeline tools and processes (e.g. Azure Dev Ops, Jenkins, Bamboo, etc.)
Secure Development Lifecycles and experience remediating technical vulnerabilities identified by web application scanning tools
Information Systems architecture, security control design, and development experience
Embraces emerging technologies, including AI tools, to work smarter, solve problems, and drive better business outcomes