Security - Application Security Engineer
12 months
Fully remote
Candidates can be any time zone
Required Qualifications:
* Extensive experience in application security principles and best practices
* Experience using common application security testing tools and techniques to perform security assessments across web/mobile/API technologies
* Extensive knowledge of application security vulnerabilities related to web/mobile/API technologies
* Experience identifying security issues, assessing their risk, and providing remediation guidance
* Experience driving application security analysis at all parts of the Software Development Lifecycle
* Experience with BurpSuite, Charles, Zap, or some web proxy for traffic inspection
Preferred Qualifications:
* Experience utilizing GitHub product features, such as GitHub Actions and Supply Chain Security
* Experience automating AppSec tooling and data collection using scripting languages such as Python
* Familiar with industry standards such as OWASP Application Security Verification Standard (ASVS) and OAuth2
* Knowledge of authentication and authorization options and standards
* Knowledge of API security architecture and technologies.
* Knowledge of Cloud architecture security with providers such as AWS
* Good exposure to CI/CD Pipeline with Jenkins, Docker-based deployment (Kubernetes), and GitHub.
Bonus:
* Experience using CodeQL and writing CodeQL queries