Purpose of Position: Reporting to the Senior Director - Software Engineering, the Application Security Engineer III is responsible for assisting the Development, Production Engineering, and Security Operations teams with application-level security assessment and threat mitigation.

Essential Duties/Responsibilities

• Actively participate in the development of software as a member of a Scrum team
• Participate in the review of the merge requests from Development and Production Engineering teams to proactively address security concerns before changes are merged to master
• Actively participate in our agile life-cycle, including planning, grooming, daily stand-ups and retrospectives.
• Use static code analysis tools to harden the software.
• Develop and evangelize secure programming standards
• Perform security reviews of software designs, assisting others to ensure quality and robustness of our products.
• Perform security focused design reviews considering elements such as: protocols, encryption, data storage, and business logic
• Validate, address, and document responses to security findings from third-party penetration testing engagements
• Other duties as assigned

Knowledge, Skills and Abilities Required

• Passionate about application security and development
• A self-starter who can identify work that needs to be done without waiting for direction
• Comfortable mentoring engineers that are globally distributed.
• Understand OS concepts such as scheduling, interrupt handling, virtualization of computing resources.
• Able to demonstrate an understanding of JAVA programming skills and are comfortable learning new languages.
• Comfortable working independently but able to escalate problems when necessary
• Demonstrate strong oral and written communication skills
• Willing to mentor and guide fellow team members kindly and constructively
• Enjoy sharing knowledge via documentation
• Happy to travel occasionally for team meetings and events
• Able to write PoC code and documentation that clearly demonstrate vulnerabilities
• Proficient with (or able to quickly learn) automation tools such as Selenium
• Able to find solutions to challenging technical puzzles with atypical constraints
• Able to effectively use git and understand common SCM workflows
• Able to write code that is intentional and readable, rather than magically obscure
• Enjoy tinkering
• Ability to list and demonstrate examples of the OWASP Top 10 preferred
• Familiarity with TDD/BDD preferred
• Working knowledge of AWS or other cloud computing platforms preferred
• Familiarity with proxies, firewalls, mail infrastructure, and other solutions commonly seen in large enterprises preferred

Education and/or Experience:

• Bachelor’s degree preferred.
• Previous professional, full-stack app-dev experience preferred
• Have used static analysis security audit tools preferred
• Experience using CI environments (Jenkins/Docker) preferred
• Experience performing threat modeling
• Experience with secure code quality practices and tooling to support quick engagements and rapid analysis - static analysis tools (Coverity, Checkmarx, or similar), dynamic scanning (Rapid 7, AppSpider, or similar), Fuzzing (AFL, Peach, or similar) and code coverage (Bullseye, LDRA, etc) preferred
• Experience with security incident response activities
• Experience penetration testing and the usage of web proxies for manual vulnerability assessment
• Customer support experience (retail, help desk, consulting, etc.) preferred

For more information and to apply, please visit:

https://recruiting.ultipro.com/PHI1008PMINC/JobBoard/2bfae9ff-dc34-4867-b871-a579eae69b54/Opportunit...