SanFranRecruiter Since 2001
the smart solution for San Francisco jobs

REMOTE Sr Application Security Engineer

Company: Glassdoor, Inc.
Location: San Francisco
Posted on: September 16, 2021

Job Description:

The Senior Application Security Engineer will integrate security features, tools, and validation/detection processes product development lifecycle. This role will work closely with Product and Engineering organizations to model cyber security threats, coordinate or perform proactive network and application penetration tests, develop tools and processes to automate the identification of security flaws, and identify effective mitigating controls where feasible in the application stack to build resilience into the products. The incumbent will partner with Engineering Teams to diagnose, document, and remediate application security vulnerabilities. Additional include evaluating, recommending, and implementing application security related software in an automated continuous integration/deployment environment.


Position Duties


Partner with Product Development Teams to formulate and implement a strategy for software security that is tailored to the specific risks faced by the product and its targeted consumers.


Conduct application security assessments and aggregate threat intelligence regularly to identify attack vectors against infrastructure and products. Mitigate risk by updating the protection mechanism and developing appropriate detections via appropriate tools to facilitate effective incident response processes.


Develop and maintain a risk-based application security program based on a well-defined application security framework.


Develop an application security awareness and training curriculum in collaboration with Engineering Organization.


Continuously evaluate the organizations existing application security practices, define and measure security-related activities, and demonstrate concrete improvements to the application assurance program within the organization.


Coordinate or conduct application penetration testing and drive remediation efforts to completion.


Identify, develop, and integrate security testing tools, including but not limited to SAST, IAST, and SCA, into continuous integration and continuous development framework.


Provide operational and executive-level reporting based on agreed-upon metrics that demonstrate program performance progression and material-impacting risk reduction.


Provide recommendations on security requirements to be included in product design and security testing.


Provide recommendations to the Risk Management Framework process activities and related documentation


Research and design ways to achieve risk reduction objectives in creative ways, including rapidly growing our current tool stack where appropriate


Part of the security incident response team.


Assess risk arising from third-parties, vendors and partners in our ecosystem and design controls to mitigate such risks


Document security processes and standards.




Attacker/Red Team Mindset


Familiarity w/ cyb-sec frameworks i.e. NIST 800-53, NIST CSF, CIS Top 20, MITRE ATT&CK and OWASP Top Ten


CISSP, GWEB, GCIH, GCSA, GIAC, GCPN Cert


BG from tech/Med/Defense/Finance


Live and breathe cybersecurity-quote from HM




3+ years exp in Application Security engineering


Experience with AWS


Experience with Java, Node.js, Go, and Python


Deep knowledge of crypto, authentication, and authorization protocols/standards (SSL/TLS, SAML, OAuth, JWT Tokens)



Keywords: Glassdoor, Inc., San Francisco , REMOTE Sr Application Security Engineer, Other , San Francisco, California

Click here to apply!

Didn't find what you're looking for? Search again!

I'm looking for
in category
within


Log In or Create An Account

Get the latest California jobs by following @recnetCA on Twitter!

San Francisco RSS job feeds