Application Security Engineer (2019-122) Seattle, Washington

  • Work closely with other application security engineers to perform reviews and tests on web and conventional applications as well as embedded, firmware, mobile and more
  • Use a combination of manual and automated techniques to assess risks and circumvent security mechanisms of devices and applications
  • Create threat models that result in more secure application design
  • Design and develop security testing scenarios
  • Analyze and present results of testing to team members, managers and customers
  • Write detailed problem reports, test plan documents, and mitigation recommendations as needed
  • Develop tools to aid penetration test automation and effectiveness
  • Review code for common security vulnerabilities
  • Possible travel to client sites to conduct in-person security reviews and assessments
  • Proactively scan the perimeter network for vulnerabilities (hosts, ports, applications, TLS)
  • Monitor application log files for active attacks (develop monitoring and alerts for log systems)
  • Stay current on newly emerging threats, provide guidance on them, and verify mitigations for them
  • Be in an on-call rotation, ready to provide incident response within 1 hour during work hours or 2 hours during off hours


What we’re really looking for, even if your resume doesn’t say it, is someone versed and capable in one or many of the following areas:

  • Penetration Testing and Ethical Hacking
  • Dynamic and/or Static Code Analysis
  • Software Development
  • Interest in conducting security research


What we expect of our applicants:

  • B.S. in Computer Science or related degree
  • Minimum 5 years of experience in a technical role
  • Completed CISSP, CISA, CEH, CAP, Security+, or a similar security certification
  • Develop custom security tools to improve coverage and validate findings
  • Work with Agile, Git, and release planning
  • Penetration testing methodologies, tools, and tactics such as Fuzzing, GDB, Burp, Nmap, OWASP, Metasploit, Sqlmap, dynamic/static analysis
  • Penetration testing and white hat hacking
  • Incident response for PCI-compliant systems in a large production environment (over 1,000,000 users)


These skills are not required, but if you have any of them, you are likely a good candidate for the position:

  • Develop in Perl, Java EE, Python, and C/C++
  • Develop on Linux and Windows platforms
  • Enterprise services such as LDAP, SAML, API Gateways, secure web services
  • Familiarity with Informix Database
  • Participation in Bug Bounty programs
  • Detail oriented and dependable
  • Good sense of humor