We are seeking a Web Application Security Engineer to join our IT Security team. As a key member of the team, you will be responsible for addressing information security requirements during all aspects of our application development process. You will have an opportunity to find, validate, and fix security vulnerabilities on strategic global development projects. You will also write security standards for development, influence projects during all phases of the SDLC, use application vulnerability assessment tools, and perform code reviews.
As the security representative, you will work on strategic global development projects. You will provide security insight during the design, development, test, and release of our core products. Additionally, you will assess the security requirements and capabilities of SaaS applications used by MathWorks. Specific responsibilities include:
- Evaluate the security of applications through design and code reviews, adherence to application security standards, and application vulnerability assessments.
- Conduct web application security scans, analyze results for false positives, prioritize vulnerabilities, and research and propose remediation steps.
- Find and remediate application vulnerabilities by reviewing source code.
- Draft, evaluate, and monitor compliance with application and development security standards.
- Participate in application design and architecture reviews.
- Provide security design and vendor configuration reviews for project implementation, including SaaS and offsite hosting applications.
- Advocate for security requirements during all phases of the SDLC.
- A bachelor's degree and 3 years of professional work experience (or a master's degree) is required.
- Experience with OWASP or NIST 800-64 is a plus.
- Experience with application security assessment tools such as AppScan, WebInspect, Fortify, Veracode, WebScarab, Paros Proxy, Burp Suite, etc.
- Experience in engineering or assessing the security of cloud, SaaS, and multi-tenanted applications, including designing authentication and authorization requirements.
- Active membership in IT Security user groups or a security certification (CISSP, CEH, OSCP, etc.) is a plus.