Talent.com
Application Security Engineer

Request Technology, Coppell, Texas, United States
27 days ago
Job type
  • Full-time
  • Permanent
Job description

Hybrid, 3 days onsite, 2 days remote.

We are unable to sponsor as this is a permanent full-time role.

A prestigious company is looking for an Application Security Engineer. This engineer will focus on web applications, secure SDLC, SAST, DAST, AWS / Azure vulnerability management, scripting / programming, etc.

Responsibilities:

  • Application Security / Secure SDLC
  • Build and optimize our security tooling stack, including SAST, DAST, SCA, and IaC.
  • Implement DevSecOps principles and integrate tools into CI / CD pipelines and developer workflows.
  • Define and improve secure SDLC processes: design and implement a developer-friendly secure SDLC framework tailored to the company’s delivery model.
  • Automate security checks in CI / CD pipelines and developer tools to ensure continuous visibility and successful delivery.
  • Build out processes for threat modelling and secure design review.
  • Implement security for the software supply chain, AI / ML applications, open source, etc.
  • Use and maintain cloud and self-managed security scanning tools, and perform manual source code reviews and manual penetration assessments.
  • Assist with application security vulnerability management including implementation of new vulnerability management tools.
  • Perform ongoing reviews of application releases to ensure only secure and reviewed code is pushed to prod, with automation tasks as necessary.
  • Develop scripts / automation to assist development teams with interpreting results from pipeline vulnerability verification reports to facilitate vulnerability remediation.

Qualifications:

  • BS in Computer Science, Information Management, Information Security or other comparable technical degree from an accredited college / university desired.
  • 5+ years’ experience in an Application Security or Information Security environment.
  • Experience writing scripts and working with containers in a CI / CD pipeline.
  • Experience with CI / CD pipelines and software development / coding: Docker, Jenkins, GitHub, SVN, Terraform, and others.
  • Strong familiarity with enterprise technologies; strong technical background and understanding of security-related technologies; prefer operational experience as an administrator, engineer, or developer and direct experience testing in commercial cloud environments (AWS, Azure, GCP, IaaS / PaaS / SaaS).
  • Strong knowledge of cryptography (symmetric, asymmetric, hashing) and its various applications.
  • Strong knowledge of common enterprise infrastructure technology stacks and network configurations.
  • Exhibit ability to understand and modify code in a diverse range of programming languages and frameworks; must have direct practical experience with one or more high level programming languages.
  • Deep knowledge of common web, API and cloud vulnerabilities (e.g. OWASP Top 10, CWE, auth flaws etc.).
  • Deep understanding of vulnerabilities, reachability, exploitability and how they affect applications.
  • Knowledge of how security fits into platform engineering and cloud native stacks.
  • Deep understanding of application layer attacks and defense mechanisms (XSS, CSRF, SQLi, XXE, SSRF, broken access control etc.).
  • Familiarity with API security (REST & GraphQL), Postman, and the OWASP Top 10.
  • Proficiency with artifact repositories and implementing security controls around component ingestion.
  • Familiarity with Kubernetes security, container scanning and cloud infrastructure as code.
  • Ability to triage and prioritize vulnerabilities based on exploitability, impact and business context.
  • Strong proficiency in application security and vulnerability management.
  • Strong experience with custom scripting (Python, C++, PowerShell, Bash, etc.) and process automation.
  • Some proficiency with common penetration testing tools (Kali, Armitage, Metasploit, Cobalt Strike, Nmap, Qualys, Nessus, Burp Suite, Wireshark etc.).
  • Experience with mainframe, Windows, Unix, macOS, and Cisco platforms and controls.