The Application Security Engineer will establish industry-leading security processes and practices at each phase of the software development lifecycle, provide guidance on application security design and architecture, coordinate the prioritization of critical security-related activities, and organize educational initiatives and materials.
1. Implement security solutions and processes to ensure the safety of clients, products and information.
2. Manage security measures for information technology systems within a networked system.
3. Conduct regular inspections of application processes for security updates.
4. Conduct an audit process for maintaining security, safety measures and strategies.
5. Find secure ways to implement technology and adopt measures that reduce the risks related to information systems.
6. Maintain standard information security policies, procedures, and services.
7. Participate in strategic activities to evangelize security objectives and ensure their appropriate consideration in product and operational planning.
8. Constantly learn new advanced technology skills in order to be capable of grasping technical security issues immediately.
• In-depth experience identifying and protecting against web application and web service security vulnerabilities including those found in the OWASP Top 10 and CWE Top 25.
• Detailed technical knowledge of techniques, standards and state-of-the-art capabilities for authentication and authorization, applied cryptography, security vulnerabilities and remediation.
• Solid knowledge of browser and mobile platform security models, crypto, and network security. Familiarity with security tools such as static analysis, runtime analysis, black-box/white-box testing, DAST, SAST and IAST.
• Working knowledge of Software Development Life Cycle, .NET Frameworks, IIS, DevOps, automation testing and software development.
• Attacker mindset, and the passion to instill it into other engineers. Knowledgeable about tactics, techniques, and procedures used for software security exploitation. Contributions to the security community such as research, public CVEs, bug-bounty recognitions, open-source projects, and blogs or publications.
• Highly motivated, able to define a vision and lead its execution, driven to overcome obstacles. Excellent communication and executive presentation skills. Ability to clearly articulate specifications and best practices for application security.
• Background experience with security and performance monitoring tools such as SolarWinds, Dynatrace and Tenable.
• General knowledge of Firewall, F5, Windows Servers, WAF, Proxy services, Databases and Cloud Services.
• Adequate management and communication skills to ensure effective coordination with teams and clients.