Job Requirements
3 - 5 years of experience
Skills
Job description for Application Security Engineer at Envoy Search Partners
We are looking for experienced Application Security Engineer to effectively maintain the automated source code scanning platform, to perform secure code reviews as well as support the automated penetration test delivery within the organization and also upskill the developers by training on secure coding.
Responsibilities
● Responsible to propose and integrate security practices and processes into software development to ensure the delivery of applications have vulnerabilities resolved and mitigated
● Responsible to develop secure application development practices, standards, guidelines and solutions towards adopting technical best practices and uplifting the Application Security (AppSec) capabilities within the organization
● Perform Application Security assessment using a combination of threat modelling, vulnerability research, code scanning, application security testing with recommendation of proper remediation actions
● Work closely with Development for vulnerability mitigations and help in removing the false positive from the static and dynamic application security report
● Work closely with DevOps Team to create tools and automation to help test and improve the security in the CI/CD pipeline like Jenkins, Bitrise, AWS Codebuild etc
● Identify gaps in security and improve security protocols and procedures in application development processes
● Enhance security competency in development teams implementing the secure coding training platform like Secure Code Warrior
● Provide training to the development team on security standards, policies, procedures and best practices related to secure coding for Web and Mobile.
Requirements
● Bachelor in Computer Science or related field required;
● Has at least 1- years of work experience in development;
● Has at least 3 - years of work experience in the area of application security;
● Experienced in conducting secure code review, dynamic application security testing and manual security testing for both Web and Mobile applications;
● Experience in threat modelling - able to prepare threat profile to identify, quantify and address security risks;
● Familiar with CI/CD and DevOps concepts and how security testing can be integrated and automated as part of software delivery pipelines;
● Familiar with secure Web Services, Web and mobile API architecture (such as REST, SOAP, SSL/TLS, HTTPS);
● Familiar with common web, mobile application vulnerabilities and technical knowledge to address and mitigate vulnerabilities;
● Knowledge of security best practices, secure coding practice guidelines, OWASP top 10 web and mobile;