Application Security Engineer
NinjaJobs
- United States
Roles & Responsibilities:
- Review and design application security controls and cloud security architectures.
- Conduct manual secure code reviews and assessments for web, non-web, and cloud applications.
- Interact with developers to gather source code details, conduct code reviews, and provide remediation assistance.
- Document vulnerabilities and assist with mitigation.
- Validate fixes on reported vulnerabilities.
- Coordinate with local and onsite teams, including vendor consultants.
- Provide regular status updates on tasks and deliverables.
Qualifications:
- Bachelor’s degree in computer science or a related discipline preferred.
- 4-5 years of experience in secure coding and code reviews.
- Proficient in identifying OWASP Top 10 vulnerabilities and SANS Top 25 programming errors.
- Strong knowledge of secure coding principles in Java, Angular/Node JS, JavaScript, Python, Ruby, etc.
- Familiar with security frameworks (OWASP, SANS CWE) and secure coding practices.
- Experience with web stack technologies (HTTP, HTML5, AJAX, REST) and platforms (Tomcat, .Net, MS SQL).
- Skilled in creating custom proof of concept application exploits using various scripting languages.
- Understanding of authentication and authorization mechanisms across web technologies and protocols (SSL/TLS, REST, OAuth, SAML).
- Knowledge of DevSecOps and cloud/container infrastructures.
- At least 4 years of development experience with 3+ years in secure code review and application security.
- Excellent communication and organizational skills.
- Relevant certifications (CSSLP, GSSP-Java, CSP) are a plus.
Posted On: Wednesday, July 31, 2024
Compensation: 150,000-170,000