Job #: 2391
Title: Application Security
The Software Security Engineer ensures the control and protection of software, improve the software development process, and minimize vulnerabilities in software production.
Well qualified candidates for this position will demonstrate the following key traits:
1. Prior hands-on engineering experience on a Software Security or Application Security team
2. Experience partnering with development teams to balance innovation and security concerns
3. Capable of analyzing large amounts of disparate data to produce easily understandable content
4. Ability to learn new systems, tools and processes quickly.
Well qualified candidates will also demonstrate expertise in the following technical areas:
1. Application engineering strategy and architecture design and experience in software development
2. Ability to perform security code reviews with Java/Spring and various JS frameworks.
3. Expert knowledge in application vulnerability types, attack vectors and remediation approaches
4. Industry best practices for secure software development as well as web and mobile application security.
5. Application penetration testing using BURP Suite and other open source pen-test tools.
6. Prior experience with Imperva WAF policy and tuning a plus.
7. Experience with vulnerability scanning tools such as Fortify, Blackduck, Checkmarx, Whitehat and Seeker.
8. Working knowledge of authentication, authorization, access management, and encryption technology.
9. Expert understanding of the IP protocols and associated security mechanisms: TCP/IP, HTTP, SSL/TLS.
10. Familiarity with well-known application security sources and standards such as OWASP.