Application Security Engineer

Job Overview:

We are looking for a talented and experienced Application Security Engineer to join our team. The ideal candidate will have a strong understanding of application security standards, tools, and methodologies and will be responsible for conducting security assessments, penetration testing, and vulnerability analysis for web and mobile applications. This role requires hands-on experience with both automated and manual testing tools, familiarity with security mechanisms, and a commitment to improving the overall security posture of the organization.

Key Responsibilities:

Conduct security assessments for both web and mobile applications.

Perform vulnerability assessments and penetration tests using tools such as Burp Suite Pro, AppScan, Veracode, Fortify, WebInspect, Acunetix, etc.

Leverage mobile application testing tools like Drozer, Xposed, MobSF, SSLTrustKiller, Frida, apktool, dex2jar, jadx, and IDA for iOS and Android applications.

Conduct thorough testing of APIs to identify security flaws.

Utilize OWASP and SANS standards to guide security practices.

Stay up to date with the latest security testing tools, techniques, and ethical hacking methodologies.

Compile and present risk-based findings to stakeholders, providing detailed reports and suggesting appropriate mitigations.

Provide expertise on penetration testing methodologies, including black box, grey box, and white box testing.

Demonstrate proficiency with common penetration testing tools such as nmap, Wireshark, Kali Linux, Metasploit, OpenVAS, OWSAP ZAP, Accunetix, Nikto, Nessus, and sqlmap.

Assist development teams with implementing penetration tests as part of the Secure Software Development Life Cycle (Secure SDLC).

Create and refine security checklists tailored to organizational needs.

Ensure continuous security improvement by making suggestions for system and process enhancements.

Experience working with SaaS, IaaS, and PaaS environments, helping integrate and optimize security technologies and processes.

Skills and Qualifications:

Proficiency with OWASP Top 10 and SANS security standards.

Strong experience in using security assessment tools, including both static (SAST) and dynamic (DAST) application security testing tools.

Hands-on experience with mobile application security testing and mobile-specific vulnerabilities. Proficient with web technologies such as J2EE, XML, JSON, SOAP, REST, and AJAX.

Basic programming knowledge in Java, JavaScript, and SQL.

Familiarity with encryption, authentication, and authorization techniques for secure software development.

Experience in automating security testing using scripting languages like Python, Bash, or Java.

Knowledge of network security and vulnerability assessment practices.

Experience in Secure Code Review and identifying vulnerabilities in the source code.

Strong understanding of various security techniques and risk assessment processes.

Certifications:

Certified Ethical Hacker (CEH) or equivalent certifications related to application security.

Desired Competencies:

OWASP, Burp Suite, Web Application Security, Acunetix, Vulnerability Assessment, Network Security, Mobile Application Security.

Proficient in Secure Code Review, Python, Bash, Java, and Automation scripting.