18 Apr
Application Security Engineer
California, Temecula, 92589 Temecula USA

Vacancy expired!

We are looking for an Application Security Engineer (ASE). This is a contract-to-hire opportunity located in Temecula. Currently, this position is remote, with plans to return to the office in progress. You will work closely with business stakeholders and other engineering team members to ensure that solutions are built to security industry standards. The ASE will also actively participate in the implementation processes of our systems and product.

What You Will Do:

  • Review implementation code, perform manual and automated web application pen testing on critical products and features, identify security flaws, and suggest remediation.
  • Research new threats, attack vectors, and risks
  • Conduct threat modeling, security reviews and provide/maintain security guidance to development teams
  • Help engineers design more secure applications via design input and code review
  • Build tools and integrate scanners for static and dynamic analysis.
  • Describe business impact of identified vulnerabilities to engineering and management
  • Provide guidelines and best practices for fixing identified vulnerabilities
  • Understand and write Web Application Firewall rules to protect vulnerable applications while engineers fix identified vulnerabilities
  • Provide security expertise and guidance to engineering and business teams
  • Build, automate, and operate security testing capabilities
  • Mentor other engineers in your areas of expertise
  • Participate in scoping engagements and report delivery
Requirements
  • Bachelor's or advanced degree in Computer Science
  • Minimum of five years of experience in software design, development, scripting, and unit testing; proven experience developing large-scale database-driven applications
  • 5+ years of experience in application-level vulnerability testing and code-level security reviews
  • Web application pen testing and red team experience
  • Strong understanding of web (OWASP Top 10) and mobile application security
  • Experience performing automated testing via scripting or programming languages (Python, Golang, Shell, etc.)
  • Experience conducting architecture and design reviews
  • Experience with Web Application Firewalls and rules
  • Experience with Qualys, Burp Suite, OWASP ZAP, or other proxying and scanner tools
  • Experience communicating security issues and recommendations to both technical and non-technical audiences
  • Experience investigating DDoS, SQL injection, cross-site scripting, and other vulnerabilities
  • Excellent technical, problem solving, and analytical skills
  • Strong written and oral communication skills
  • High integrity and a high level of maturity required
  • Excellent organizational and leadership skills
  • Excellent communication skills and ability to collaborate
  • Must be very detail-oriented with a high degree of adaptability
  • Willingness to work with people from diverse backgrounds and experiences
