REMOTE Sr Application Security Engineer
Company: Glassdoor, Inc.
Location: San Francisco
Posted on: September 16, 2021
The Senior Application Security Engineer will integrate security
features, tools, and validation/detection processes into the product
development lifecycle. This role will work closely with Product and
Engineering organizations to model cyber security threats,
coordinate or perform proactive network and application penetration
tests, develop tools and processes to automate the identification
of security flaws, and identify effective mitigating controls where
feasible in the application stack to build resilience into the
products. The incumbent will partner with Engineering Teams to
diagnose, document, and remediate application security
vulnerabilities. Additional responsibilities include evaluating, recommending, and
implementing application security related software in an automated
continuous integration/deployment environment.
Partner with Product Development Teams to formulate and implement a
strategy for software security that is tailored to the specific
risks faced by the product and its targeted consumers.
Conduct application security assessments and aggregate threat
intelligence regularly to identify attack vectors against
infrastructure and products. Mitigate risk by updating the
protection mechanism and developing appropriate detections via
appropriate tools to facilitate effective incident response.
Develop and maintain a risk-based application security program
based on a well-defined application security framework.
Develop an application security awareness and training curriculum
in collaboration with the Engineering organization.
Continuously evaluate the organization's existing application
security practices, define and measure security-related activities,
and demonstrate concrete improvements to the application assurance
program within the organization.
Coordinate or conduct application penetration testing and drive
remediation efforts to completion.
Identify, develop, and integrate security testing tools, including
but not limited to SAST, IAST, and SCA, into the continuous integration
and continuous development framework.
Provide operational and executive-level reporting based on
agreed-upon metrics that demonstrate program performance
progression and material-impacting risk reduction.
Provide recommendations on security requirements to be included in
product design and security testing.
Provide recommendations to the Risk Management Framework process
activities and related documentation.
Research and design creative ways to achieve risk reduction
objectives, including rapidly growing our current tool stack.
Part of the security incident response team.
Assess risk arising from third parties, vendors and partners in our
ecosystem and design controls to mitigate such risks.
Document security processes and standards.
Attacker/Red Team mindset
Familiarity with cybersecurity frameworks, i.e. NIST 800-53, NIST CSF,
CIS Top 20, MITRE ATT&CK and OWASP Top Ten
CISSP, GWEB, GCIH, GCSA, GIAC, GCPN certification
Background in tech/medical/defense/finance
"Live and breathe cybersecurity" (quote from HM)
3+ years of experience in Application Security engineering
Experience with AWS
Experience with Java, Node.js, Go, and Python
Deep knowledge of crypto, authentication, and authorization
protocols/standards (SSL/TLS, SAML, OAuth, JWT)