Posted on: 06/01/2022
Job ID: YATS06202213126464
The position is a great opportunity for an entry level Application Security Engineer or people who want to jump into Application Security Career path. You will provide hands-on validation of static code analysis results and software composition analysis results, then communicate with developers to fix with guidance. You will work with another application security engineer and be a part of the security team for the assigned business domain.
- Collaborate with engineers to address security risks and provide mitigation recommendations within the Secure Development Lifecycle (SDLC).
- Perform hands-on analysis against static code scan results and software composition scan results of products and services to proactively discover risks and supervise them to resolution.
- High level of personal integrity, with the ability to professionally handle confidential matters, and reflect appropriate level of judgment as it pertains to security.
- Collaborate with other application security engineers to align tasks with product development schedules and complete tasks in every release timing.
- Participating in ad hoc projects as needed and assisting management with requests related to servicing oversight
- Additional responsibilities as required by management
- 2+ years’ experience working within software development.
- A bachelor’s degree in Computer Science/Information Security/Cyber Security or equivalent.
- Excellent written and oral communication skills, as well as social skills including the ability to articulate to both technical and non-technical audiences.
- Able to work both independently as well with development teams and multi-task effectively.
- Firm understanding of enterprise class application architectures that are highly scalable and reliable and the expertise to secure them.
- Experience of security architecture and design reviews.
- Experience with multiple languages such as Java, Go, Python and Perl etc. and understand how to detect and remedy related security issues such as OWASP top 10.
- Excellent analytical, evaluative, and problem-solving abilities.
- Experience with securing host, database, and application solutions for multi-tier systems.
- Experience with Penetration Testing.
- Knowledge of automated attack tools and developing mitigation techniques.
- Hacker Mindset and always strives to think like an attacker.
- Experience with AWS and Akamai technologies.
- Technical certifications within information security are a plus (CISSP, CCSP, GIAC or equivalents).