Application Security Engineer

at  Itential Inc

JOB SUMMARY:

As an Application Security Engineer, you will be an important member of the Product Engineering team. This is a key role that will focus on ensuring the adoption, deployment, fine-tuning, and development of tools, services, and processes that enable security controls in the SDLC. This role will work closely with Development and DevOps teams to define security processes and integrations that support existing workflows and pipelines. This role will work across all aspects of the team to ensure an efficient and effective Application Security Pipeline.

REQUIRED SKILLS/ABILITIES:

• Bachelor’s degree in IT, Computer Science, or Information Security preferred.
• At least 5 years of experience in application security or a related field.
• Proven and extensive Software Engineering experience developing and maintaining scalable, Cloud-native, and on-prem software solutions.
• Proven and extensive experience with container technologies, AWS, and infrastructure-as-code such as Terraform, Cloud Formation, etc.
• Proven and extensive experience building tools and automation to support an Application Security team.
• Proven and extensive experience in secure software development using programming languages like NodeJS, ReactJS, ExpressJS, HTML, JavaScript, Python, etc.
• Strong desire to help engineering teams and build consumer applications securely.
• Strong understanding of software development methodologies and secure coding practices
• Strong understanding of the SDLC and CI/CD pipelines
• Strong understanding of application security standards and practices, such as the OWASP
• Knowledge of practical threat modeling for consumer applications
• Demonstrated ability to explain risks and vulnerabilities to both technical and non-technical audiences.
• Hands-on experience working with DevOps and Agile-driven product teams.
• Excellent interpersonal, written, and verbal communication skills. Experience with CI systems such as Gitlab CI, GitHub Actions, Jenkins, Travis, etc.
• Knowledge of Web application & Cloud security principles, ISC2 CSSLP, CEH, GIAC (GWEB, GCSA), or other industry Security Certifications.

DUTIES/RESPONSIBILITIES:

• Security-focused Software engineering leader that is passionate about teaching and learning while solving problems.
• Collaborating with Product Management & Development teams to integrate security best practices throughout the software development lifecycle (SDLC). Assisting in the selection and implementation of security tools and technologies to enhance the application security posture. Creatively solve problems with solutions that secure and scalable.
• Review and contributed to application designs and solutions.
• Identify and define application security requirements and security baselines.
• Staying up to date with the latest security threats, vulnerabilities, and industry best practices.
• Reviewing & testing code for security vulnerabilities and recommending appropriate remediation actions.
• Actively and continuously share role-specific knowledge with team members and product teams.
• Contributing to the development and maintenance of application security policies, procedures, and guidelines.