This Principal Application Security Engineer will be responsible for building and maintaining a Global Fortune 100 organization's application security posture, performing security assessments including vulnerability and risk assessments, threat analysis, SAST, DAST, and web penetration testing, among other things. As the security team continues to grow, the Principal Application Security Engineer will also be crucial in hiring and training future team members and scaling the organization.
Other responsibilities include:
- Implement a software assurance model designed to address security defects early in the delivery pipeline.
- Perform penetration testing and code reviews of web and mobile applications.
- Perform security design reviews for new features and product releases, and threat modeling of mobile and web applications.
- Perform code reviews and advise developers on remediation techniques.
- Design controls to detect and respond to common attacks on our platform.
- Triage and respond to external inquiries around security vulnerabilities.
- Facilitate internal training on various security topics to raise awareness and interest.
Qualifications
- Strong proficiency in programming languages such as JavaScript, Python, C/C++, Java, Go, Ruby, and/or shell scripting languages.
- You have 5+ years of experience working with modern web applications, APIs, and mobile applications within cloud-hosted environments such as AWS, GCP, and Azure.
- Experience with CI/CD platforms such as Jenkins and CircleCI, and with integrating security into the CI/CD pipeline.
- Ability to manually exploit security flaws on web apps & APIs.
- Hands-on experience designing secure web services, RESTful APIs, and microservice architectures.
- Strong understanding of containerization technology such as Docker and Kubernetes.
- Experience building security into the SDLC.
- Familiarity with common application testing tools for SAST, DAST, IAST, and MAST analysis, such as Burp Suite, Snyk, Checkmarx, Veracode, Synopsys, and Netsparker.