Application Security Engineer
Job Description
Responsibilities:
1. Conduct security assessments and penetration testing on web and mobile applications
2. Identify vulnerabilities and provide remediation guidance to development teams
3. Integrate security tools and practices into the software development lifecycle
4. Document and report security findings and work with stakeholders to ensure resolution
5. Continuously improve security processes and stay updated on emerging threats
Technology Stack & Skills:
- Programming Languages: Proficiency in Python, Bash, Shell scripting, and other automation scripting languages
- Security Tools: Extensive experience with OWASP ZAP, Burp Suite, and Kali Linux
- Mobile Application Security: Strong knowledge in securing mobile applications
- Threat Modeling: Ability to effectively threat model web, mobile, and API-based applications
- OWASP Standards: In-depth understanding of OWASP Top 10 vulnerabilities for Web, Mobile, and APIs
- Security Testing Methodologies: Experience with Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Interactive Application Security Testing (IAST)
- Continuous Learning: A passion for learning new technologies and improving skills
- Application Security Testing: Expertise in testing web, mobile, and API-based applications using industry-standard security practices
- Server Hardening: Experience in hardening and securing web servers
- Documentation & Reporting: Ability to create detailed security documentation and reporting
Preferred Skills:
- Programming: Experience with secure coding practices and automation scripting
- Security Automation: Knowledge of automating vulnerability testing and integrating security tools into CI/CD pipelines
- Secure Coding Techniques: Familiarity with secure development practices and techniques
- Certifications: Entry-level security certifications such as the following would be a plus:
  - CompTIA Security+
  - Certified Ethical Hacker (CEH)
  - GIAC Security Essentials (GSEC)
  - eLearnSecurity Junior Penetration Tester (eJPT)