Job Requirements
Job description for Application Security Engineer at Dkatalis
About the job
- Provide subject matter expertise on secure coding practices and security design based on current knowledge of security threats and vulnerabilities that could impact the technology stack
- Support definition of Secure SDLC standard to include security architecture, design, and coding requirements for infrastructure, application, and data to align with application security maturity model and adopt a shift-left approach for security.
- Evaluate various application security tools, including SAST, DAST, SCA, IAST, and Pen Testing, and operationalize security tools for integration with CI/CD.
- Explain and interpret vulnerability report items to development staff.
- Perform application testing and review security test results from scans and penetration testing to identify possible vulnerabilities that may be exploited and propose remediation solutions or mitigation controls.
- Develop security controls and processes for products and services developed and deployed in cloud environments, preferably GCP.
- Perform threat modeling, conduct security architecture reviews, and provide training to architects and developers to enhance the adoption of secure coding practice within the product development lifecycle.
- Provide security-related coaching and expertise to drive and elevate security expertise within the development teams.
- Lead security innovation and best practices in product development through collaboration with, and learning from, industry professionals and consortiums.
- This position is also subject to being "on-call" for emergencies requiring immediate resolution.
- Minimum 4-6 years of experience building production web applications and services in at least two of the following languages/platforms: Node.js, Java, React Native, Android / Flutter.
- Experience performing Red Team operations in enterprise environments
- Experience in software coding/development, including scripting languages
- Building, deploying and managing Red Team operational infrastructure
- Knowledge of adversarial TTPs
- Experience with compromise and lateral movement in Mac, Linux, and Windows environments
- Open-source intelligence gathering and social engineering
- Web and mobile application assessments
- Wireless and network assessments
- Experience with custom payloads and exploit use in a production environment
- CVE/Bug bounty/responsible disclosures
- Knowledge of secure architecture and design patterns for Web, Mobile, and Microservices
- CI/CD and Appsec Tools: Sonar, Fortify, Checkmarx
- Reverse Engineering and Fuzzing to identify potential vulnerabilities
- Exploit development
- Security / Forensics Tools: Burp, Nmap, Nessus, NetStumbler, Cain & Abel, THC Hydra, w3af, GFI LANguard, Wireshark (Tshark), WinDump (tcpdump), WebInspect, tcpreplay, AccessData FTK, EnCase, Helix, etc.
- OS & Testing Distros: RH Linux, CentOS, Fedora, Windows XP / 7 / 10, BackTrack, Kali Linux, PentestBox, etc.
- Frameworks/Guidelines: ISO27001, NIST, ITU-T, OWASP, WASC, etc.
- Information security certifications: GPEN, OSCP, OSCE, OSWE