Senior Application Security Engineer

information security, penetration testing, burp suite, metasploit
Full Time
Depends on Experience

Job Description

Sr. Application Security Engineer (Bellevue, WA)

The Senior Application Security Engineer will be responsible for:
• Ensuring web applications, APIs and cloud services are planned, designed, developed, implemented, and monitored in accordance with security controls related to SOC 2, ISO 27001 and the Information Security Policy.
• Developing, implementing and monitoring enterprise information security architectures and solutions.
• Designing and automating assessments through penetration testing and ethical hacking, then analyzing security risks and recommending mitigating and compensating security controls.
• Performing internal penetration testing, working closely with the engineering team to assess and prioritize discovered security issues and vulnerabilities.
• Maintaining and supporting application security tools, including static and dynamic security analysis solutions, and developing related documentation.

The Senior Application Security Engineer will work closely with:
• Cross-functional teams to embed security, logging, and auditing in, and to support, all applications hosted within the corporate and cloud environments.
• Security Operations to develop new incident response plans and playbooks related to web application security threats.
• Software Engineering and QA departments to ensure security principles are enforced in all stages of the software development lifecycle.

Basic Qualifications
• 7+ years of experience in Information Security
• Experience with the development, deployment, and automation of application security solutions in an enterprise cloud-based environment.
• Deep understanding of OWASP Top 10 and CWE/SANS Top 25.
• Demonstrated proficiency in ethical hacking and WhiteHat penetration testing.
• Hands-on technical proficiency with Burp Suite and Metasploit.
• Demonstrated experience in investigating security issues related to web application exploits, credential stealing and authentication-based exploits.
• Experience in creating detailed solution design documents & diagrams.

Preferred Qualifications
• 7+ years of experience in Information Security with an emphasis on application security.
• At least one security-related certification, such as CISSP, GIAC, CSSLP, required. CISSP or CEH.
• Knowledge of technical security control environments and compliance frameworks including CSA CCM, ISO 27001 and SOC 2.
• Hands-on technical proficiency with Burp Suite, Metasploit and Kali Linux.
• 3+ years of experience as a software engineer in some capacity, especially application, platform or product development. Programming experience in Java, C++ or C highly preferred.
• Demonstrated proficiency in JavaScript, HTML, PHP or Python.
• In-depth knowledge of web application architecture, API development, and MVC frameworks.
• Experience in DevOps environments and maintaining security in CI/CD processes highly desired.
• Solid understanding of either Amazon AWS or Microsoft Azure architectures/ecosystems.
• Demonstrated ability to facilitate automation and integration through scripting in PowerShell, Python, Perl, etc.
• Working familiarity with threat models for large, distributed systems and cloud-based SaaS infrastructure.
• Proven ability to manage priorities and deadlines and to work independently in a highly dynamic and diverse environment with multiple concurrent projects.

Posted By

Tom Nacnodovitz

2001 Gateway Place, Suite 150 San Jose, CA, 95110

Dice Id : redoak
Position Id : 6546594
Originally Posted : 2 weeks ago