Senior Application Security Engineer
SILVER SPRING-20906, MD, US
09/30/2019
-
Required Skills
Company
Infinity Consulting Solutions, Inc
Experience
-
Job Description
Responsibilities
Create/run secure code assessments with various application and services engineering teams
Review and contribute to application designs and solutions
Run, maintain, and utilize security tools for the Appsec program, e.g., static and dynamic code analysis tools
Work with Red Teams and penetration testers to facilitate exercises and work with application developers and engineering teams on remediation
Assist with code reviews
Participate in information security operations duties, including occasional incident response escalations
Evaluate and support application security technologies, processes and workflows on multiple platforms (e.g., Server/Client, Mobile, Tablet, etc.)
Develop and execute security assessment test plans
Collaborate with development teams to ensure secure coding best practices are followed
Perform risk and threat assessments
Review developers' code, provide feedback, and perform security/risk assessment for consumer-facing applications, services, and future technology
Create/make pull requests to review and merge code in Git/GitHub or similar DVCS
Identify and define application security requirements and security baselines for the various classes of assets and environments in use at Discovery or its partners
Work collaboratively and proactively across the organization (e.g., Technical Architects/Leads, Product managers, etc.) to support and remediate security vulnerabilities
Understand and recommend security controls for the rapid development of consumer-facing prototypes to identify technical options and inform architectural approaches
Identify and recommend best-of-breed security stack and controls for interactive consumer experiences across web and mobile devices. (i.e., project, customer, and vendor management skills)
Requirements
Experience in application development with at least one modern programming language (Swift for iOS and
Kotlin for Android preferred
Knowledge of OWASP
Hands-on experience performing code reviews and with associated applications such as static and
dynamic code analysis tools
Knowledge of web application architecture
Knowledge of threat modeling
Experience in code reviews, business logic assessment, and application security testing
Experience w/public cloud environments (IaaS, PaaS, SaaS)
Familiar with application security tools like BurpSuite Pro, SAST, DAST, nmap, Metasploit, and Kali Linux, etc.
Experience in secure coding and software development in various languages (C#, .NET, Java etc.)
Familiarity with HTML/CSS, JavaScript and UI/UX design and software quality assurance principles
Cloud experience (AWS preferred)
Security Architect
Information Technology
No Preference
FullTime Job
Other
1
Candidate Requirements
-
Bachelors
Walkin Information
-
9/24/2019
-
Recruiter Details
Doug Klares
1350 Broadway, Suite 2205,
NEW YORK-10018, NY
-