Job Title:
Senior Application Security Engineer

Company: TalentRemedy

Location: Washington, PA

Created: 2024-04-23

Job Type: Full Time

Job Description:

The Sr. Application Security Engineer is a technology- and process-focused security professional with extensive experience in Development Operations, Software Engineering, Application Security and/or Information Security disciplines. This individual will be at the forefront of our security efforts, partnering closely with product and application developers to establish and elevate best practices for secure software development. They will advise, implement, and train teams on the processes, tools, and automation needed to fortify the SDLC and safeguard our products and applications.

Ensure all your application information is up to date and in order before applying for this opportunity.

The Sr. Application Security Engineer is a full-time, remote, exempt position and reports to the CISO.

Specific Responsibilities:

- Play a lead role in developing expert knowledge of Product Security, requirements, tools, and working methods across our organization.
- Ideate, communicate, and guide the implementation of complex vulnerability mitigation strategies to development teams.
- Conduct manual and automated security assessments and code reviews to identify vulnerabilities within applications.
- Collaborate with Product, Technology, and broader security teams to provide recommendations for solutions focused on decreasing business risks.
- Perform threat modeling to identify potential security issues before they can be exploited. This involves understanding the attack surface of applications and predicting potential attack vectors.
- Deliver reports on completed tests and document technical issues identified during the assessments.
- Evaluate, select, and deploy security tooling to automate the detection of security vulnerabilities. This may include integrating security tools into continuous integration/continuous deployment (CI/CD) pipelines.
- Lead or participate in the response to security incidents, including conducting post-mortem analysis to prevent future occurrences.
- Ensure applications comply with relevant security standards and regulations. This may involve collaborating with auditors and performing regular security assessments.

Supervisory Responsibilities:

None.

Skills:

- Understanding of containerization technologies.
- Demonstrated expertise in product/application security architecture.
- Experience with threat modeling, risk analysis and control design.
- In-depth knowledge of network security, authentication, and authorization.
- Experience with Security integration into CI/CD and experience in driving CI/CD adaptation for security controls.
- Advanced understanding of vulnerability exploitation chaining, and vulnerability remediation.
- Strong familiarity with software development lifecycle (SDLC) processes and source control technologies.

Experience:

- 7+ years of overall IT experience with a major emphasis on application security.
- Development experience in any modern programming language (including but not limited to Python, C++, Rust, Go).
- Strong knowledge of Cloud Providers (Azure).

Education:

- Bachelor's degree in computer science or related field, or the equivalent combination of industry-related professional experience and education.
- GWEB, CASE, CISSP, CSSLP certifications preferred.