As an Application Security Engineer, you will work closely with Product Design, Software Development, Production Operations, and other members of the Security group to maintain and enhance the security of our mobile, web, and server software applications. This work involves several technology stacks and multiple hardware, cloud, and SaaS platforms.
- Designs, integrates, and tests a suite of tools for security management of multi-tenant private and public cloud application services.
- Develops secure design patterns for cloud architectures developed in public or private cloud environments.
- Supports vendor and partner security assessments.
- Actively audits the infrastructure and applications for security weaknesses while prioritizing fixes.
- Builds repeatable and testable security infrastructure using DevOps best practices.
- Researches emerging security trends and.
- Provides security expertise on system, network, encryption, authentication, and governance.
- Recommends configuration changes to improve the performance, usability, and value of security tools.
- Assists with product studies, performs requirements analysis, and develops software architectures to meet requirements.
- Creates technical proposals and white papers, writes functional and design specifications.
- Measures compliance against standards.
- Identifies security vulnerabilities in applications written in C++, C#, and Java for Linux and Windows via code reviews and reverse engineering.
- Identifies weaknesses in various network protocols.
- Offers solutions to discovered vulnerabilities.
- Develops tools and scripts to aid in reverse engineering and vulnerability discovery.
- Suggests secure design techniques to management and customers to improve application security posture.
- Prepares reports on project progress and presents results to internal and external development teams and management.
- Contributes to maturing process, policy, and standards guidance.
- Maintains current knowledge of relevant vulnerabilities and mitigation techniques.
- Other duties as assigned.
- Bachelor’s degree or 7+ years relevant work experience.
- 3-5 years of experience (preferred) with security management of cloud-based services (SaaS) in a fast-paced Agile environment.
- One or more of the following certifications in Application Security or Pen testing (CSSLP, GSSP-x, CEH, GPEN, GWAPT, GMOB).
- Mid to expert-level knowledge of AWS, Azure, and Google Cloud Platform (GCP).
- Hands-on experience with security management and issues surrounding virtual machines, containers, and applications.
- Strong knowledge of CI/CD build systems (such as GitLab CI, Jenkins), microservices, and continuous integration/deployment practices.
- Familiarity with cloud-based security standards and frameworks.
- Knowledge of secure SDLC practices.
- Ability to perform manual comprehensive code reviews.
- Strong knowledge of public key cryptography, API security, and SSO strategies.
- Understanding of automated code auditing/vulnerability (SAST/DAST) tools such as HCL AppScan, Veracode, WhiteHat, Burp, ZAP, Paros, etc.
- Experience with automation and DevOps technologies (such as Terraform and Ansible).
- Excellent oral and written communication skills.
- Awareness of security standards and frameworks relevant to the SaaS industry (e.g. ISO, NIST, CSA).
Vacancy Type: Full Time
Job Location: San Antonio, TX, US
Application Deadline: N/A