Job Summary: 

The Junior Application Security Engineer executes routine information security operations activities related to deploying, monitoring, analyzing, improving and troubleshooting a Secure Systems Development Life Cycle (S-SDLC) and resulting first-party application. With guidance from management and senior staff, supports the implementation of appropriate application and information security procedures and products. Assists senior staff in the evaluation, development, implementation and operational aspects of security standards, procedures and guidelines for multiple platforms and diverse systems environments.

Job Expectations: 

• Assist in threat modeling, scanning, and testing of Web, API’s and Native Applications.

• Manage remediation of any findings from internal or external assessments.

• Assist in utility and script development to improve automation

• Integrate and support security tools (e.g., DAST, SAST, SCA, etc.) in the delivery pipeline and the S-SDLC process.

• Monitor and Maintain Application Security training and related awareness campaigns: Champion the Security & Privacy Awareness Program for Application Development

• Support our compliance programs (such as PCI) by helping implement and document controls, examining evidence for compliance to standards and perform recurring pen-tests of applications in scope. 

Knowledge, Skills and Abilities:

Required:

• Ability to work in a fast paced, rapidly changing environment and a strong desire to learn

• Strong knowledge of OWASP Top 10 (2013 and/or 2017 Version) vulnerabilities and mitigation strategies

• Familiarity with Linux/Unix

• Familiarity with DevOps CI/CD pipelines and software (eg. Jenkins)

• Conceptual knowledge of software design patterns (eg. MVC)

• A working knowledge of application security practices and concepts including intrusion detection/ prevention, authentication, authorization and access controls, risk analysis, vulnerability mitigations, code integrity, and data encryption

• Understanding of common protocols and concepts related to application (eg HTTP, REST API, SOAP API, SAML, OAuth)

• Knowledge of common scripting and application development languages (e.g. C#, Golang, Python, Bash, JavaScript) and/or the ability to learn is required

• Understanding of PCI-DSS and EU GDPR

• Knowledge researching, analyzing and recommending information security solutions

• High degree of accuracy and attention to detail

• Excellent organization skills and ability to multitask

Experience Requirements:

• 2+ years experience within application security or software development

• Experience with various tooling in the Application Security space

• Some experience in offensive security / penetration testing of applications

• Some experience in software development

• Experience identifying, assessing, and remediating technical security vulnerabilities

• Strong organizational, excellent written, verbal and interpersonal communication skills are needed to work effectively with a wide variety of staff, outside consultants and vendors.

Education Requirements: 

• Bachelor’s Degree or higher in Information Technology, Information Security, Computer Science, or a related field strongly preferred. A demonstrable strong experience may be considered as a replacement for a college degree.

• Advanced industry certification strongly desired, e.g. SANS GIAC (CEH - Certified Ethical Hacker or GXPN - Exploit Researcher and Advanced Penetration Tester, are preferred), Offensive Security Certified Professional (OSCP), Offensive Security Web Expert (OSWE), CompTIA Security+, CISSP,...