Application Security Engineer III
Location
Secunderabad | India
Job description
- Fanatics is searching for an experienced application security specialist to help protect Fanatics-developed applications which are used externally and internally.
- A successful candidate will display strong communication and technical skills and be comfortable and effective working independently and as part of a larger, highly distributed team.
- We're looking specifically for folks who place an emphasis on usable security and scaling successfully through automation. Fanatics is a fast-growing company, and our security program needs to be able to keep pace with that growth while not disrupting innovation.
- Responsible for continually improving product security by partnering with developers in all phases of software development life cycle.
- Work with teams to ensure security standards are maintained on the design and implementation of applications and systems in cloud and on-premises environments.
EXPERIENCE REQUIRED:
A minimum of 3 years of experience.
RESPONSIBILITIES:
- Establish security best practices and processes for our mobile, on-premises and cloud-based platforms.
- Provide expert knowledge and guidance to the product teams about security vulnerabilities and remediation controls.
- Support and consult with product and development teams in the area of application security, including threat modeling and Application Security reviews.
- Implement, continuously develop, and maintain secure Software Security Development Lifecycle processes and software maturity model.
- Perform threat modeling, secure design, and source code review.
- Conduct security assessments, security testing and validation of vulnerability scan results.
- Assist teams in reproducing, triaging, and addressing application security vulnerabilities.
- Incorporate security tools/tasks to automate product development and deployment.
- Develop, implement, and automate defensive controls, creating and tuning tools and rules to detect and address malicious activity. Responsible for integration of security controls into SDLC.
- Establish a supply chain security process and ensure 3rd party software meets the standards.
- Facilitate injection, integration, and compliance for Static Application Security Testing (SAST), Container Security Scanning, and Open-Source Security Analysis during the development phase.
- Facilitate injection, integration, and compliance for Dynamic Application Security Testing (DAST).
- Contribute to triaging, addressing security issues and tracking remediation.
- Own and manage Secure SDLC tooling.
- Develop and customize security tools used by security teams and developers.
- Work closely with development teams to build security directly into their SDLCs.
- Provide remediation guidance to programmers and management.
- Support bug bounty program.
- Support the preparation of security releases.
- Mentor and train development teams on secure coding standards and techniques. Develop Secure Coding Program.
- Constantly innovate at the pace of the adversary using latest techniques.
EDUCATIONAL REQUIREMENTS:
- Bachelor's degree in Computer Science, Information Systems, or equivalent combination of education and experience
- Certifications in the field of Information Security (at least one of the following: CISSP, CEH, GIAC CPEN, OSCP, OSWE, CWAPT, GWAPT, GWEB)