Application Security Engineer in Redlands, CA

Industry: Information Technology

5 - 7 years

Posted 8 weeks ago

  • Work with web application developers to "build security in" as part of Esri's development lifecycle
  • Manage the automation and orchestration of our testing products
  • Validate the correct operation of security controls within applications
  • Conduct hands-on security testing, analyze test results, document risk, and recommend countermeasures
  • Assist our Web Application Firewall team in implementing appropriate controls for our websites
  • Perform web application penetration testing to identify potential security issues and vulnerabilities
  • Assess/calculate risk based on threats, vulnerabilities, and shortfalls uncovered in testing
  • Coordinate with other business units conducting security testing
  • Ensure automated security testing and orchestration tools are available for use by other business units

REQUIREMENTS

  • 5+ years of experience in information security with a heavy emphasis on application security, penetration testing, and vulnerability assessment
  • Ability to demonstrate manual testing experience including all of the OWASP Top 10
  • Advanced experience with testing tools such as Burp Suite Pro, AppSpider, Acunetix, among others
  • Understanding of web services technologies such as XML, JSON, SOAP, REST, and AJAX
  • Understanding of various web application frameworks such as ASP.NET, J2EE, and MEAN stack
  • Web server configuration knowledge (NGINX, Apache HTTP Server, Apache Tomcat)
  • Advanced knowledge and experience with OS and network security
  • Bachelor's in computer science or related field, or equivalent work experience

RECOMMENDED QUALIFICATIONS

  • Technical certifications that support pen testing such as CEH, OSCP/OSCE, GPEN/GXPN/GWAPT
  • Information security certifications such as CISSP, SSCP, GIAC, GSE
  • In-depth understanding of layer 2-7 communication protocols, common encoding and encryption schemes, and algorithms
  • Previous software development experience to support penetration testing including vuln dev, tool modules, covert tunneling, scanning scripts, passive collection, etc.
  • Proficiency in any of the following languages: C#, Python, Ruby, Perl, Bourne/Bash, PowerShell, Visual Basic, VBScript, PHP, JavaScript, SQL, CFML, Java
  • Experience in defeating WAFs and other filtering mechanisms