As a Senior Application Security Engineer, you will play a pivotal role in the integration of security into our Software Development Lifecycle. This is a critical role within the Information Security organization to safeguard an environment where code changes happen rapidly. You will build security control testing at scale while balancing risk reduction and pragmatism.
Primary Responsibilities:
- Play a lead role in developing and designing application security integration and automation within CI/CD
- Enhance and streamline application security workflows and processes
- Be a subject matter expert in all application security tooling (SAST, DAST, SCA, Container, IaC) and provide recommendations for remediation of findings
- Enable automation for vulnerability management workflows and reporting
- Empower partner engineering teams through frictionless security testing
- Lead scoping and requirements for manual penetration testing driven internally and by third parties
Requirements:
- Strong foundation in software engineering, DevSecOps, and Secure SDLC
- Proven prior experience and demonstrable recurring success in application security concepts and tooling
- Strong foundation in SCM and CI/CD and success with implementation and integration of AppSec tooling into these platforms
- Prior experience across web security, secure coding, software development, cryptography, and system design
- Expert knowledge of common web security vulnerabilities (OWASP Top 10) and their remediation