Application Security Engineer (2019-122) Seattle, Washington
- Work closely with other application security engineers to perform reviews and tests on web and conventional applications as well as embedded, firmware, mobile and more
- Use a combination of manual and automated techniques to assess risks and circumvent security mechanisms of devices and applications
- Create threat models that result in more secure application design
- Design and develop security testing scenarios
- Analyze and present results of testing to team members, managers and customers
- Write detailed problem reports, test plan documents, and mitigation recommendations as needed
- Develop tools to aid penetration test automation and effectiveness
- Review code for common security vulnerabilities
- Possible travel to client sites to conduct in-person security reviews and assessments
- Proactively scan the perimeter network for vulnerabilities (hosts, ports, applications, TLS)
- Monitor application log files for active attacks (develop monitoring and alerts for log systems)
- Stay current on newly emerging threats, provide guidance on them, and verify mitigations for them
- Be in an on-call rotation, ready to provide incident response within 1 hour during work hours or 2 hours during off hours
YOUR RESUME
What we’re really looking for, even if your resume doesn’t say it, is someone versed and capable in one or many of the following areas:
- Penetration Testing and Ethical Hacking
- Dynamic and/or Static Code Analysis
- Software Development
- Interest in conducting security research
MUST HAVES
What we expect of our applicants:
- B.S. in Computer Science or related degree
- Minimum 5 years of experience in a technical role
- Completed CISSP, CISA, CEH, CAP, Security+, or a similar security certification
- Develop custom security tools to improve coverage and validate findings
- Work with Agile, Git, and release planning
- Penetration testing methodologies, tools, and tactics such as Fuzzing, GDB, Burp, Nmap, OWASP, Metasploit, Sqlmap, dynamic/static analysis
- Penetration testing and white hat hacking
- Incident response for PCI-compliant systems in a large production environment (over 1,000,000 users)
NICE TO HAVES
These skills are not required, but if you have any of them, you are likely a good candidate for the position:
- Develop in Perl, Java EE, Python, and C/C++
- Develop on Linux and Windows platforms
- Enterprise services such as LDAP, SAML, API Gateways, secure web services
- Familiarity with Informix Database
- Participation in Bug Bounty programs
- Detail oriented and dependable
- Good sense of humor