JOB DESCRIPTION:
Application Security Engineers work closely with cross-functional teams to ensure that Cellulant’s products are secure. As an application security engineer, you will be required to define security controls and design requirements during the product development and software build stage of the software lifecycle. You will also be required to lead the review of these controls into the software before deployment into production systems.
In this position, you are a passionate and talented application security engineer with a very deep understanding of out-of-the-box business logic vulnerabilities, OWASP, CWE 25, API Security, Mobile App Security, Data Protection, and best practices design and threat modeling skills who can work in a dynamic environment. You must be agile to produce secure code in short time frames and be willing to go beyond the standard routine.
CORE RESPONSIBILITIES:
The role holder would be responsible for the following:
Identifying new or evolving business logic issues in a range of applications and creating complementary remediation plans
Performing security-focused code reviews including for static, dynamic and runtime issue
Supporting and consulting with product, development and operations teams in area of application security, including threat modeling
Assisting engineering teams in reproducing, triaging, and addressing application security vulnerabilities.
Assisting in the development of security processes and automated tooling that prevent classes of security issues.
Leading both critical and regular security releases.
Leading the development of automated security testing to validate that secure coding best practices are being used.
Guiding and advising product development teams as a SME in the area of application security.
Developing secure application development training and socializing the material with internal product and engineering teams.
Participating and assisting in initiatives to holistically improve the quality and security across our product spectrum
QUALIFICATIONS & EXPERIENCE:
Qualification:
More than 5 Years of Experience in Application Security, SSDLC and Threat Modeling with an MS/BS degree in Information System Management / Computer Science / Information Security or a related technical discipline with at least 3 years of Software Development experience
MUST have a deep understanding of OWASP Top 10 (Web, Mobile and API) and CWE 25; with a proven track record and experience in implementing and strategies
MUST be able to identify out-of-the-box business logic vulnerabilities/issues and swiftly design remediation strategies
Well-versed in application design, penetration testing, application risk assessment and risk categorization
Above average understanding of Open APIs and the best practices for securing them
Experience in managing application security testing tools like SAST, DAST, RASP and Open Source Vulnerability Scanning
Solid problem-solving and analytical skills; able to quickly digest any issue/problem encountered and recommend an appropriate solution.
Able to work well with cross-functional teams.
Experience identifying security issues through code reviews.
Excellent and professional communication skills (written and verbal) with an ability to articulate complex topics in a clear and concise manner.
Familiarity with common security libraries and tools (e.g. static analysis tools, proxying / penetration testing tools).
Familiarity and ability to explain common security flaws and ways to address them (e.g. OWASP Top 10 and business logic vulnerabilities).
Good development or scripting experience and skills. Java, SpringBoot, JavaScript, and/or python are preferred.
A basic understanding of network and web-related protocols (such as TCP/IP, UDP, HTTP, HTTPS, protocols).
CI/CD (Continuous Integration – Continuous Development) – Circle CI, Jenkins, GitHub
Must be a self-starter, able to work under pressure and with limited supervision both individually and with other team members
Must be able to put together basic reports for all security tests conducted
Must have experience:
Must be a self-starter, able to work under pressure and with limited supervision both individually and with other team members
Must be able to put together basic reports for all security tests conducted
MUST have a deep understanding of OWASP Top 10 (Web, Mobile and API) and CWE 25; with a proven track record and experience in implementing and integrating remediation strategies
MUST be able to identify out-of-the-box business logic vulnerabilities/issues and swiftly design remediation strategies
Nice to-have experience:
Experience working in Agile teams
Experience in Linux operating systems
Excellent organization and time management skills and ability to work independently with minimal supervision
Must be able to work in a fast-paced environment and manage priorities and multi-task
Skills:
Exceptional storytelling skills.
Creative problem-solving & project management skills
The ability to connect the dots between mediums and disciplines (and people)
Top-notch communication skills, including the ability to present ideas compellingly both internally and externally
Excellent organisation and time management skills
A deep understanding of brand development as well as both traditional and digital marketing
Attentiveness, empathy, and the eagerness to constantly learn new things
Strong aesthetic skills with the ability to combine various colours, fonts and layouts
Ability to work effectively with colleagues at all levels.
You are creative, innovative, and always think outside the box
Ability to multitask and work in a fast-paced environment
Excellent cross-organization collaboration skills.
Apply via :
cellulant.bamboohr.com
