Application Security Engineer - Mid-level

A Great Place to Share Your Passion and Make a Difference

Coveros helps organizations modernize their software development process by embracing agility, while integrating application security and software quality into the software lifecycle. We provide consulting, coaching, and learning opportunities in Agile, DevOps, AppSec, and Test Automation to enterprises, teams, and individuals. We aim to be Trusted Advisors to our clients who are undergoing change.

Culture at Coveros

As a remote-first company, we provide a stimulating, friendly, and casual work environment, where we live our core values of Client Focused Delivery, Openness, Shared Success, and Building Strong Relationships. In an atmosphere of continuous growth and learning, we invite employee input and employ active mentoring.

Coveros is an equal opportunity employer, dedicated to a policy of non-discrimination in employment on any basis including age, sex, color, race, creed, national origin, religion, marital status, sexual orientation, political belief, or disability.

The Opportunity

Coveros employees share a passion for Application Security and DevSecOps and look to add like minded, hands-on Mid-level Application Security Engineers to our team. The Mid-Level Application Security Engineer will participate in the deployment of solutions that improve the security of software applications and associated delivery infrastructure for clients seeking to improve their application security posture.

This role positions you to help clients build in security during software design and implementation. You will shift application security assurance, expertise, and tools left to secure software continuously as it is designed, implemented, tested, and deployed. With your expertise in software engineering and application security best practices, you will provide Coveros customers with an analysis of their mission-critical applications' risks, vulnerabilities, and exploits.

Your expertise in assessing the maturity of application security programs, as well as in recommending ways to build secure SDLCs, to integrate security governance and control into software lifecycle, and to coach/train teams, enables organizations to improve their overall application security posture over time.

Qualifications

• BS/MS in CS, Software Engineering, or an equivalent technical degree
• Demonstrated problem solving, analytical skills and technical troubleshooting skills
• 2+ years of software development experience in a cross-functional team leveraging Agile and DevOps best practices
• Experience performing threat modeling, design reviews, and secure code reviews on applications and systems
• Familiarity with continuous integration and continuous deployment (CI/CD) pipelines as well as how security fits into the delivery process (i.e. DevSecOps)
• Knowledge of standard approaches and tools for performing static application security testing (SAST), dynamic application security testing (DAST), and software component analysis (SCA) is a must.
• Experience with developer tools such as source code repositories, CI servers, IDEs, test automation
• Knowledge of AWS and/or Azure cloud platforms
• Excellent written and verbal communication skills
• Proven ability to write clear and concise documentation

Pluses

• Experience with Git, GitHub Developer, GitHub Actions, and GitHub Enterprise
• Experience in Linux and UNIX administration
• Previous consulting, coaching, training experience

Responsibilities

• Technical Knowledge
• Experience architecting, designing, implementing, testing, securing, and deploying commercial applications
• Perform hands-on application security assessments of applications and help design and improve the security testing artifacts and process: Create security testing plans and test cases
• Develop detailed application security reports on findings.
• Analyze security configurations and implementation to determine if they ensure resiliency and protect customer data
• Experience performing threat modeling, architectural risk analysis, design reviews, code review, and security testing on applications
• Experience assessing application security posture and creating documentation to define a modern application security/DevSecOps lifecycle
• Team Responsibilities
• Contribute to a team of consultants coaching, training, and implementing DevSecOps solutions and culture across varied clients
• Participate in team collaborations, brainstorms, and client communication to support project success

Coveros is a melting pot of seasoned IT and business professionals from Fortune 500 and leading consulting companies who deliver high value on challenging client engagements. We hire great people and provide room and support for employees’ professional growth. For talented computer scientists and software engineers who share our passion for software, joining Coveros provides an opportunity to work alongside and to learn from brilliant, technical software engineers.

We believe that employees are our greatest asset. Our business model and benefits package reflect that belief.

• Competitive base salaries
• Company-wide profit sharing plan
• 401K with matching percentage
• Comprehensive health benefits, including dental and vision
• Generous paid time off and holidays plan
• Basic Life & Personal Accident Insurance and Disability Insurance
• Voluntary Life and Personal Accident Insurance
• Tuition Reimbursement, plus comprehensive competency-based online skill development training programs
• Adoption Assistance