Application Security Engineers work closely with development teams, product managers (PM), and Quality Engineers to ensure that Cellulant’s products are secure. As an application security engineer, you will be required to set security controls and design requirements during the software creation and development stage of the software lifecycle. You will also be required to lead the integration of these designs into the software.
In this position, you are a passionate and talented application security engineer with a very deep understanding of OWASP, CWE 25, Data Protection, Access management software vulnerabilities, and best practices design and threat modeling skills who can work in a dynamic environment. You must be dedicated to able to work with developers in producing secure code in short time frames and be willing to go beyond the standard routine.
You will work closely with Software Engineers, DevOps Engineers, Software Quality Engineers and Product Managers within existing product teams to deliver high-quality software releases.
- Performing security-focused code reviews.
- Supporting and consulting with product and development teams in the area of application security, including threat modeling and application security reviews.
- Assisting teams in reproducing, triaging, and addressing application security vulnerabilities.
- Assisting in the development of security processes and automated tooling that prevent classes of security issues.
- Leading both critical and regular security releases.
- Leading application security reviews and threat modeling, including code review and dynamic testing.
- Leading the development of automated security testing to validate that secure coding best practices are being used.
- Guiding and advising product development teams as SMEs in the area of application security.
- Developing security training and socializing the material with internal development teams.
- Participating and assisting in initiatives to holistically address multiple vulnerabilities found across our product spectrum
QUALIFICATIONS & EXPERIENCE:
Must have experience:
- 3-5 Years of Experience in Application Security, SSDLC, and Threat Modelling with an MS/BS degree in Information System Management / Computer Science / Information Security or a related technical discipline with at least 2 years of Software Development experience.
- MUST have a deep understanding of OWASP Top 10 and CWE 25; with a proven track record and experience in implementing and integrating remediation strategies.
- Well-versed in application design, penetration testing, application risk assessment, and risk categorization.
- Experience in managing application security testing tools like SAST, DAST and Open Source Vulnerability Scanning.
- Solid problem-solving and analytical skills; able to quickly digest any issue/problem encountered and recommend an appropriate solution.
- Able to work well with software engineering teams.
- Experience identifying security issues through code reviews.
- Excellent and professional communication skills (written and verbal) with an ability to articulate complex topics in a clear and concise manner.
- Familiarity with some common security libraries and tools (e.g. static analysis tools, proxying / penetration testing tools).
- Familiarity and ability to explain common security flaws and ways to address them (e.g. OWASP Top 10).
- A basic understanding of network and web-related protocols (such as TCP/IP, UDP, HTTP, HTTPS, protocols).
- CICD (Continuous Integration Continuous Development) – Circle CI, Jenkins, GitHub
- Must be a self-starter, able to work under pressure and with limited supervision both individually and with other team members
Experience that will count in your favor:
- Experience working in Agile teams
- Experience in Linux operating systems
- Excellent organization and time management skills and ability to work independently with minimal supervision
- Must be able to work in a fast-paced environment and manage priorities and multi-task.