Sr. Application Security Engineer (Bellevue, WA)
The Senior Application Security Engineer will be responsible for:
• Ensuring web applications, APIs and cloud services are planned, designed, developed, implemented, and monitored in accordance with security controls related to SOC 2, ISO 27001 and the Information Security Policy.
• Developing, implementing and monitoring enterprise information security architectures and solutions.
• Designing and automating assessments through penetration testing and ethical hacking, then analyzing security risks and recommending mitigating and compensating security controls.
• Performing internal penetration testing, working closely with the engineering team to assess and prioritize discovered security issues and vulnerabilities.
• Maintaining and supporting application security tools, including static and dynamic security analysis solutions, and developing related documentation.
The Senior Application Security Engineer will work closely with:
• Cross-functional teams to embed security, logging, auditing, and support all applications hosted within the corporate and cloud environments.
• Security Operations to develop new incident response plans and playbooks related to web application security threats.
• Software Engineering and QA departments to ensure security principles are enforced in all stages of the software development lifecycle.
• 7+ years of experience in Information Security
• Experience with the development, deployment, and automation of application security solutions in an enterprise cloud-based environment.
• Deep understanding of OWASP Top 10 and CWE/SANS Top 25.
• Demonstrated proficiency in ethical hacking and WhiteHat penetration testing.
• Hands-on technical proficiency with Burp Suite and Metasploit.
• Demonstrated experience in investigating security issues related to web application exploits, credential stealing and authentication-based exploits.
• Experience in creating detailed solution design documents & diagrams.
• 7+ years of experience in Information Security with an emphasis on application security.
• At least one security-related certification, such as CISSP, GIAC, CSSLP, required. CISSP or CEH.
• Knowledge of technical security control environments and compliance frameworks including CSA CCM, ISO 27001 and SOC 2.
• Hands-on technical proficiency with Burp Suite, Metasploit and Kali Linux.
• 3+ years of experience as a software engineer in some capacity, especially application, platform or product development. Programming experience in Java, C++ or C highly preferred.
• In-depth knowledge of web application architecture, API development, and MVC frameworks.
• Experience in DevOps environments and maintaining security in CI/CD processes highly desired.
• Solid understanding of either Amazon AWS or Microsoft Azure architectures/ecosystems.
• Demonstrated ability to facilitate automation and integration through scripting in PowerShell, Python, Perl, etc.
• Working familiarity with threat models for large, distributed systems and cloud-based SaaS infrastructure.
• Proven ability to manage priorities & deadlines and to work independently in a highly dynamic and diverse environment with multiple concurrent projects.
2001 Gateway Place, Suite 150, San Jose, CA 95110