The Application Security Engineer ensures applications and services are secured and implemented with best security practices. The main goal of AppSec engineer is to protect applications from security attacks by developing, inserting, and testing security components that make the application more secure. The AppSec engineer will set security controls and design requirements during the software creation and development stage of the software lifecycle. This role also supports the team to integrate these designs into the applications and assists in documenting the security architecture for new development and existing applications.
- Design, write, maintain software to improve the security, availability, confidentiality, integrity, efficiency of applications/services, incorporating cloud and open-source tools when available and writing software of your own when nothing else fits the bill.
- Be the go-to expert in security area for both enterprise services and UI; understands the broad architecture of the entire system.
- Uncover vulnerabilities and fix them before hackers get a chance to exploit them by helping in static and dynamic application scans.
- Developing and maintaining software application security policies and procedures and documentation.
- Providing technical leadership, guidance, and direction to the application team on security.
- Contribute to building CI/CD pipelines incorporating security scans.
- Ensure security across all aspects of the software is uniform by setting up build and deployment checkpoints
- Actively involved in the selection and/or creation of security tools for monitoring, profiling, logging, reporting and security checking.
- Designing technical solutions to address security weaknesses utilizing programming guidelines/standards.
- Provide security training, mentoring, and coaching to other developers.
- Participates in third-party system analysis to identify potential implementations and integrations.
- Keeps up on industry security trends and current technological standards, languages, and coding techniques.
- Develop procedures/processes to automate security tasks as part of deployment pipeline.
- Develop & maintain up to date documentation for all security requirements/procedures & tools.
- Identify & communicate security risks & implement solutions to remediate the issues.
- Assist & train team members in use of cloud security tools & remediation of issues.
- Work as a liaison between application & Infrastructure teams to design/architect systems to protect against attackers
- Bachelor’s degree in an appropriate field (e.g., computer science, information technology, etc.) or equivalent combination of education and/or experience.
- 3+ years of Java Development required.
- Experience in the following is preferred: Java, Design patterns, REST and SOAP Web Services, Microservices, Junit, Git, Maven, Splunk, and basic UI skills.
- Nice to have experience or knowledge in the following: Cloud infrastructure software such as AWS, Static code scanning tools (Veracode, Check Marx or similar) and dynamic scanning tools (Burp suite enterprise or similar).
- Familiarity with the OWASP Top Ten and CWE Top 25. Security certification such as CISSP, CCSP, CSSLP or other relevant certifications in information security is a plus
- Experience developing project estimates, helping with requirements gathering, system design, creating agile stories, supporting release process, and working in an agile environment.
- Experience contributing to project plans, ensuring timely delivery and effective risk management.
- Knowledge of network, routing, and web related protocols (e.g., TCP/IP, UDP, HTTP, HTTPS)
- Experienced in secure coding practices.
- Have clear understanding of encryption/decryption methods, authentication, and common IP/application attacks.
- Good understanding of information security principles and best practices.
- Experienced in identifying and resolving security issues such as SQLi, XSS, CSRF, and business logic flaws across large code bases
- Dedicated team player who considers others’ opinions and adapts to change effectively.
- Motivated to support the company goals; is creative, flexible; able to work both independently and in teams; able to think imaginatively about opportunities; able to respond with novel and innovative approaches to addressing an issue; able to inspire others to work towards achieving team goals.