Application Security Engineer

Date: 13 July
Employer: Infopulse / Инфопульс
City: Warsaw, Poland
Qualifications: Bachelor's or Master's degree in computer science or a related field, or equivalent experience, depending on the role level
5+ years of experience with application security architecture with expertise in applying secure software development methods within the SDLC, designing and building secure software systems
Solid understanding of fundamental application security building blocks such as authentication, authorization, data validation, encryption and security assurance
Strong familiarity with application security concepts/standards/laws/best practices (e.g. OWASP, NIST, CIS, ISO 15408, ISO 27xxx, PCI DSS, EU GDPR)
Experience of mentoring, advising or guiding teams to follow architectural or security best practices
Experience of conducting security code review, application threat modelling and security risk assessment
Understanding of the TCP/IP stack, web application architecture, encryption fundamentals and the OWASP Top 10
Strong desire to grow in both engineering and security expertise
Good knowledge of software development processes, integration of security assessments in Software Development Life Cycle (SDLC) process
Understanding of Agile/DevOps principles
Familiarity with code reviews, application security tools and techniques
In-depth, hands-on understanding of application architectures and technology (including web applications, mobile technology, identity and access management)
Desired Skills: Experience of performing application security assessments such as threat modelling, security testing, vulnerability management and remediation
Experience with or knowledge of security testing tools such as SAST or DAST
Good understanding of at least two of the following programming languages (i.e. the ability to understand an issue by looking at code snippets): C#, C++, Java, Python, JavaScript
Experience in application development, secure coding and scripting languages for automation is an advantage
Experience with Microsoft Cloud Security
Experience with architecture security design and review is an advantage
Knowledge of vulnerability management and security testing tools such as Acunetix, Nessus, Nmap, Burp, ZAP, Kali Linux
Responsibilities: Perform threat modelling, risk assessment, secure design and source code review for applications
Perform system and application security requirements review, definition and clarification
Collaborate closely with development teams to assess the security posture and risk of the product features being developed, and help integrate security best practices into their development processes and source code security reviews
Support the application team as well as development teams to design and implement processes and/or tools for secure code reviews and security testing
Develop abuse use cases for project-related security testing in alignment with the security requirements objectives
Perform targeted security tests to assist in detection and remediation validation of security relevant defects and vulnerabilities
Conduct application security assessments, contribute to the security enhancement of the Systems Development Life Cycle (SDLC), provide actionable security recommendations for the development of various types of applications: web, mobile, embedded, etc.
Recommend security solutions, develop and implement security and compliance tools in support of security analysis processes
Incorporate security tools/tasks into automated product development and deployment lifecycles (SAST/DAST/IAST integration into CI/CD pipeline)
Establish a security culture, tools and processes within the software development environment
Collaborate closely with product and platform teams to design and implement security controls and best practices
Provide secure application development training to developers
Develop and maintain a balanced application security programme based on a well-defined application security framework
Stay current with security industry trends and implement best practices within Secure SDLC
Investigate and pilot commercial and open-source application security tools
Participate in the development of corporate documents on system and application security
Develop corporate documents, technical reports, metric reporting and security related presentations