Esri

Sr. Application Security Engineer

Esri$93K — $157K *
Information Technology
5 - 7 years of experience
Job Overview by Ladders

Qualifications

  • 5+ years in application security, covering both manual and automated testing techniques
  • Experience with risk assessment using a consistent risk management framework
  • Proficient in developing automation using programming languages such as Python, Typescript, or Java
  • Skilled in managing GitHub Actions workflows effectively
  • Hands-on experience in DevSecOps environments, especially with Kubernetes
  • Ability to analyze code for security vulnerabilities and design flaws
  • Familiar with web application security standards like HTTP and OAuth

Responsibilities

  • Design and enhance application security testing pipelines
  • Evaluate application risks and suggest appropriate mitigations
  • Conduct security reviews of code developed across various frameworks
  • Perform application layer penetration tests to identify security issues
  • Offer security guidance and mentorship to development teams as required

Benefits

  • Comprehensive medical, dental, and vision insurance for employees and their families
  • 401(k) retirement plan with profit-sharing options
  • Generous vacation policy with at least 80 hours of leave per year
  • Twelve paid holidays annually
  • Opportunities for personal and professional development
  • Basic and supplemental life insurance
Full Job Description
Responsibilities
  • Design, operate, and continuously improve application security testing capabilities and pipelines
  • Assess application risks and recommend mitigations
  • Perform application layer security reviews of the code developed by our application teams, across multiple languages and frameworks used internally
  • Assist with application layer penetration testing to identify potential issues
  • Provide application security guidance and mentorship to development teams as needed

Requirements
  • 5+ years of experience in application security, including manual and automated code reviews, manual penetration testing, dynamic application security testing, and false positive analysis of code, pen test, and open-source security findings
  • Demonstrated experience determining risk based on analysis/findings using a consistent risk management framework
  • Proven ability to develop automations/applications using Python, Typescript, Java, or PowerShell
  • Experience creating and maintaining reusable GitHub Actions workflows, with expertise in all aspects of GitHub workflow management
  • Hands-on experience working in a DevSecOps environment built on Kubernetes with a strong knowledge of Kubernetes security best practices
  • Ability to read and analyze code for security and design vulnerabilities
  • Solid understanding of common web application security standards (HTTP, OAuth, OIDC, REST, and more)
  • Experience working with cloud platforms, specifically AWS and Azure
  • Willingness to learn new skills and enhance workflows using various AI tools
  • US citizenship and willingness and ability to maintain a US Security Clearance
  • Bachelor's degree in computer science or related field

Recommended Qualifications
  • Proficiency in any of the following languages: C#, Python, Bash/Shell, PowerShell, JavaScript, SQL, Java
  • Familiarity with AI-assisted coding practices, including tools such as GitHub Copilot, and an understanding of the security implications and risks introduced by AI-generated code
  • Practical experience interpreting findings from application pen testing, code scanning and open-source scanners to determine the risk and collaborate with developers to resolve them
  • Understanding of layer 2-7 communication protocols, common encoding and encryption schemes, and algorithms

#LI-TM1

#LI-onsite

Total Rewards

Esri's competitive total rewards strategy includes industry-leading health and welfare benefits: medical, dental, vision, basic and supplemental life insurance for employees (and their families), 401(k) and profit-sharing programs, minimum accrual of 80 hours of vacation leave, twelve paid holidays throughout the calendar year, and opportunities for personal and professional growth. Base salary is one component of our total rewards strategy. Compensation decisions and the base range for this role take into account many factors including but not limited to skill sets; experience and training; licensure and certifications; and other business and organizational needs.

A reasonable estimate of the base salary range is

$93,600-$157,560 USD

About Esri

Esri is a global leader in geographic information system (GIS) software, location intelligence, and mapping. The company was founded in 1969 and is headquartered in Redlands, California. Esri's software is used by governments, businesses, and non-profit organizations worldwide to analyze and visualize data in order to make better decisions. The company's flagship product, ArcGIS, is a powerful mapping and analytics platform that allows users to create, manage, and share geographic information. Esri has a strong commitment to sustainability and social responsibility, and works to promote environmental stewardship and social equity through its products and services.
Learn more about Esri
Size
11,000 employees
Industry
Founded
1969

Similar Jobs

More Jobs at Esri

More Information Technology Jobs

Find similar Sr. Application Security Engineer jobs: