
Application Security Engineer III - Cofense


Purpose of Position: Reporting to the Senior Director - Software Engineering, the Application Security Engineer III is responsible for assisting the Development, Production Engineering, and Security Operations teams with application-level security assessment and threat mitigation.


Essential Duties/Responsibilities

  • Actively participate in the development of software as a member of a Scrum team
  • Participate in the review of the merge requests from Development and Production Engineering teams to proactively address security concerns before changes are merged to master
  • Actively participate in our agile life-cycle, including planning, grooming, daily stand-ups and retrospectives.
  • Use static code analysis tools to harden the software.
  • Develop and evangelize secure programming standards
  • Perform security reviews of software designs, assisting others to ensure quality and robustness of our products.
  • Perform security focused design reviews considering elements such as: protocols, encryption, data storage, and business logic
  • Validate, address, and document responses to security findings from third-party penetration testing engagements
  • Other duties as assigned

Knowledge, Skills and Abilities Required

  • Passionate about application security and development
  • A self-starter who can identify work that needs to be done without waiting for direction
  • Comfortable mentoring engineers that are globally distributed.
  • Understand OS concepts such as scheduling, interrupt handling, and virtualization of computing resources.
  • Able to demonstrate an understanding of Java programming skills and comfortable learning new languages.
  • Comfortable working independently but able to escalate problems when necessary
  • Demonstrate strong oral and written communication skills
  • Willing to mentor and guide fellow team members kindly and constructively
  • Enjoy sharing knowledge via documentation
  • Happy to travel occasionally for team meetings and events
  • Able to write PoC code and documentation that clearly demonstrate vulnerabilities
  • Proficient with (or able to quickly learn) automation tools such as Selenium
  • Able to find solutions to challenging technical puzzles with atypical constraints
  • Able to effectively use git and understand common SCM workflows
  • Able to write code that is intentional and readable, rather than magically obscure
  • Enjoy tinkering
  • Ability to list and demonstrate examples of the OWASP Top 10 preferred
  • Familiarity with TDD/BDD preferred
  • Working knowledge of AWS or other cloud computing platforms preferred
  • Familiarity with proxies, firewalls, mail infrastructure, and other solutions commonly seen in large enterprises preferred


Education and/or Experience:

  • Bachelor’s degree preferred.
  • Previous professional, full-stack app-dev experience preferred
  • Experience using static analysis security audit tools preferred
  • Experience using CI environments (Jenkins/Docker) preferred
  • Experience performing threat modeling
  • Experience with secure code quality practices and tooling to support quick engagements and rapid analysis: static analysis tools (Coverity, Checkmarx, or similar), dynamic scanning (Rapid7, AppSpider, or similar), fuzzing (AFL, Peach, or similar), and code coverage (Bullseye, LDRA, etc.) preferred
  • Experience with security incident response activities
  • Experience penetration testing and the usage of web proxies for manual vulnerability assessment
  • Customer support experience (retail, help desk, consulting, etc.) preferred


For more information and to apply, please visit:
