Job Details
The Staff/Senior Staff IT Developer (Application Security) will design and secure internal applications, conduct security code reviews, perform penetration testing, and collaborate with cross-functional teams in an Agile environment.
Key Responsibilities:
- Design secure, scalable IT solutions focused on performance.
- Conduct security code reviews for quality and best practices.
- Identify and remediate vulnerabilities (e.g., XSS, SQLi, CSRF, SSRF).
- Perform web app penetration testing (manual/automated).
- Evaluate SAST/DAST findings and manage issues in Jira.
- Validate bug bounty vulnerabilities.
- Translate business requirements into technical specifications.
- Troubleshoot complex issues and support Engineering teams.
- Document designs, processes, and configurations.
- Provide technical guidance as a subject matter expert.
- Mitigate technical risks and foster innovation in Agile teams.

- Bachelor's in Computer Science, Cybersecurity, or equivalent.
- 5+ years in software development, including hands-on coding in languages like Java, Dart, JavaScript, TypeScript, Python, Go, or Kotlin, with a focus on secure coding practices.
- 2-3 years in a lead or senior capacity, demonstrating ability to guide technical decisions, mentor teams, or architect complex systems.
- 3+ years in application security, including professional penetration testing or equivalent Bug Bounty experience, with expertise in identifying and mitigating vulnerabilities (e.g., XSS, SQLi, CSRF).
- Practical experience with tools like Burp Suite Pro, SAST/DAST, and platforms like AWS/Google Cloud Platform/Azure, Kubernetes, Docker, and GitHub.
- Experience with AWS/Google Cloud Platform/Azure, SQL databases, RESTful APIs, GitHub.
- Advanced penetration testing skills; proficient with Burp Suite Pro.
- Knowledge of cryptographic algorithms (AES, SHA, HMAC, RSA, ECC).
- Familiarity with OWASP Top 10 and security best practices.
- Experience with Agile (Scrum, Kanban).
- Strong problem-solving and communication skills.
- Professional penetration testing or Bug Bounty experience.
- OSCP, OSWA, OSWE, eWPT, BSCP, GPEN, or GWAPT.
Job Type: Remote
Time Zone: CST
Duration: 3M+ Extendible