Application Security Engineer

Razorsight

Phoenix, AZ

Industry: Telecommunications


5 - 7 years

Posted 39 days ago

This job is no longer available.

The Cyber Security – Application Security Engineer will play a critical role in code security and the secure software development life cycle. The role will encompass a broad range of information security controls to ensure the confidentiality, integrity, and availability of enterprise data stored on a variety of vendor database solutions. The job is composed of tactical, operational and strategic functions and responsibilities.

Position Requirements

  • Conduct static and dynamic analysis on a variety of code bases and platforms.
  • Through standard enterprise tools, discover security vulnerabilities in web and mobile applications and provide recommended remediation steps to developers.
  • Recommend industry best practices for vulnerability and threat management remediation.
  • Document findings for management and technical staff and recommend mitigating actions.
  • Work with internal customers to determine their need for security assessments, present and explain the employed methodology, and support them with feedback and verification during mitigation.
  • Develop training on secure coding techniques and security awareness for technical staff (e.g., software developers).
  • Bachelor’s Degree in Information Technology, Cyber Security, Computer Security, Computer Science or related field required.
  • 6 years of development experience in web or mobile, or 4 years of application security engineering experience
  • Ability to maintain composure in a dynamic environment
  • Individual must be proactive, self-motivated, detail-oriented, creative, inquisitive and persistent
  • Strong leadership skills, including ability to execute and prioritize a number of tasks simultaneously
  • Ability to organize, plan and implement work assignments, prioritize competing demands and work under pressure of frequent and tight deadlines
  • Experience in conducting and facilitating discussions with employees across all levels and departments
  • Excellent up-to-date technical and hands-on knowledge and experience in current attack methods, penetration testing methods, and hacking tools, specifically for web and mobile applications required.
    • Tools: Fortify Suite, Nmap, Nessus, Burp Suite, Metasploit, AppScan Standard, AppScan Source, McAfee Vulnerability Manager, Core Impact
    • Common vulnerabilities and how to find and verify them: authentication (e.g., secure transmission, weak login mechanisms, backend authentication, weak SSL configuration), authorization (e.g., session handling, replay, fixation), client-side attacks (e.g., XSS, CSRF), information disclosure (e.g., error handling, debug information), code injection (e.g., SQL, OS commands, buffer overflow, format strings), logic attacks (e.g., lockout, flooding, insufficient anti-automation, spoofing), review of secure configuration of OS and network devices
    • Knowledge of the J2EE technology stack is a must; proficiency in the .NET stack is a plus