Responsibilities
This role will require the applicant to be able to complete tasks and responsibilities relating to the following areas:
Perform black-box and white-box security testing on web applications and web services, including web application penetration testing
Integrate security testing tools into the quality assurance process
Perform code reviews with the software engineering team and identify common coding flaws
Conduct vulnerability analysis of software patches and updates and prepare vulnerability analysis reports
Conduct threat modeling and document software attack surface elements
Conduct risk analysis of applications and systems undergoing major changes
Determine project security controls from customer requirements and develop documentation to capture them
Integrate software cybersecurity objectives into project plans and schedules
Address security implications in the software acceptance phase
Conduct trial runs of programs and software applications with software engineering
Develop software system testing and validation procedures
Determine cybersecurity measures for steady state operation and management of software
Incorporate product end-of-life cybersecurity measures
Collaborate with the ICANN InfoSec team to assess and assist in remediation of vulnerabilities
Qualifications:
This role will require the applicant to have proficient knowledge in the following areas:
Confidentiality, Integrity and Availability (CIA) principles and practices
Risk management processes, models, frameworks, principles and best practices including the supply chain
Risk acceptance and documentation
Root cause analysis tools and techniques
Customer and cybersecurity requirements and gathering
Cybersecurity and privacy principles and practices
Cybersecurity threats and their characteristics
Cybersecurity vulnerabilities
Defense-in-depth principles and practices
Software engineering and software security principles and practices
Secure coding tools and techniques
Code analysis tools and techniques
Web application and web service risk
Web application and web service protocols
Security and penetration testing principles, practices, tools and techniques
Automated and black-box software security testing tools and techniques
This role will require the applicant to have proficient skills in the following areas:
Performing root cause analysis
Identifying systems designed without security considerations
Scanning for and recognizing vulnerabilities
Applying black-box software testing
Designing secure test plans
Communicating with engineering staff
Conducting customer interviews
Performing risk analysis
Performing static code analysis
Preferred Experience:
Web Application Security Testing Certification
GIAC, PortSwigger
Five or more years performing web application and web service security assessments, including threat modeling, automated scanning and manual penetration testing
Equivalent professional experience
Application Security Engineer • United States