Job DescriptionFragomen is seeking a Security Engineer - Application Security to join our talented Cyber Security team in our Technology Innovation Lab in Pittsburgh.
Our industry-leading, immigration specific software and supporting infrastructure is undergoing tremendous transformation and security is on the critical path to success in that endeavor. A professional, who is passionate about security, capable of effecting change, and ready to build a strong AppSec program, is what we seek. You will be joining a small team of Security Engineers who make security a distinguishing factor in our technological offerings. A successful candidate will help engineer solutions to secure software development, identify threats and mitigate vulnerabilities throughout our environment.
What an Application Security Engineer does at Fragomen:- Build, deploy and maintain tooling to validate and track security controls in and around our code
- Work closely with application development and infrastructure architectural teams to create code which is secure by design and default
- Triage programmatic source code findings and automate penetration testing to decrease potential introduction of vulnerabilities
- Lead and collaborate with developers on secure coding techniques and threat modeling
- Contribute to vulnerability detection and remediation of technological offerings
- Deploy developed or OTS security applications to support our efforts
- Participate in a cross-functional response to cyber security incidents
- Work closely the security team to establish prevention, detection and mitigation techniques
- Support the scoping and rules of engagement of our penetration testing regime
Let's talk if you have the following experience, knowledge, skills and education:- A passionate team player who builds knowledge and solves complex problems
- 5+ years of web application development (.net, python, java, etc.)
- Secure SDLC (Software Development Life Cycle), DAST (Dynamic Application Security Testing), and SAST (Static Application Security Testing) experience
- Demonstrated understanding of web application penetration testing, secure coding and source code analysis
- Strong, professional communication skills that maintain under pressure
These things are great, but not required:- Experience in developing highly automated detection and triage tools
- Deep understanding of cyber security techniques
- Technical certification demonstrating technical prowess in secure software development e.g. Certified Secure Software Lifecycle Professional (CSSLP), or Certified Application Security Engineer (CASE) or similar
- BA degree in a related field or a combination of related experience is a must
