Security Engineer AppSec

Roles And Responsibilities

 

• Implement Modern Application Security: Develop and implement robust application security practices, including secure coding guidelines, security testing, and vulnerability assessments.
• Secure SDLC Integration: Integrate security into the SDLC, collaborating with development teams to address security concerns at each phase of the software development process.
• AWS Security Expertise: Leverage AWS security services and features to enhance the security posture of our cloud-native applications and infrastructure.
• Application Security Testing: Conduct and oversee regular security assessments, including penetration testing, code reviews, and vulnerability scanning, to identify and address potential security risks.
• Incident Response: Assist in incident response activities, investigating and mitigating security incidents related to applications.
• Security Training and Awareness: Provide security training and awareness to development teams, promoting a culture of security-first mindset.
• Continuous Improvement: Stay up-to-date with the latest security threats, trends, and best practices, and drive continuous improvement initiatives within the application security domain
• Bachelor's or Master's degree in Computer Science, Information Security, or related field.
• 6+ years of professional experience in application security, with a strong focus on modern application security practices.
• In-depth knowledge of secure coding practices, OWASP Top 10, and common application security vulnerabilities.
• Proficiency in security tools, including static analysis tools, dynamic analysis tools, and open-source security testing frameworks.
• Hands-on experience with AWS services and security features, including IAM, WAF, and KMS.
• Familiarity with DevSecOps principles and integrating security into CI/CD pipelines.
• Experience in conducting security assessments and penetration testing of applications.
• Strong understanding of software development methodologies and the SDLC.
• Security certifications such as CISSP, CSSLP, or CEH are a plus.
• Excellent communication and collaboration skills, with the ability to work effectively in a team-oriented environment.