Application Security Engineer
Location
Secunderabad | India
Job description
General Duties and Responsibilities
The Application Security Engineer is responsible for completing a thorough risk assessment and identifying vulnerabilities within company applications and container-based infrastructure. The Application Security Engineer may use manual and automated testing tools to assess applications for possible exploitation and is responsible for documenting and assisting with the remediation of security threats and technical faults. The Application Security Engineer's duties and responsibilities include:
- Assist in evaluating, planning, configuration, and implementation of new/existing security applications/tools
- Systematically address application security issues and develop secure coding practices for multiple development teams
- Integration of application authentication, encryption, authorization, and access control
- Provide mitigation strategies for applications from secure coding perspective
- Utilize application security scanning tools such as Checkmarx, AppScan, Burp Suite, Contrast, Veracode, Fortify or similar tooling (both commercial-off-the-shelf and open-source) to interpret reports and validate identified vulnerabilities and associated risks
- Utilize source code scan tools, both commercial-off-the-shelf and open-source, to assist application development teams in applying best practices for application security and catching potential vulnerabilities at an early stage
- Proactively work with team members to address security and compliance issues
- Provide education and assistance to application developers for applying Security Software Development Life Cycle
- Collaborate with development teams to prioritize and remediate vulnerabilities throughout the application lifecycle requirements
General Knowledge, Skills, and Abilities
As well as formal qualifications, the Application Security Engineer should possess:
- Strong software engineering background with extensive experience working in complex enterprise environments implementing software development lifecycles
- Experience in HTML, CSS, and JavaScript
- Extensive experience in addressing web application security issues, such as those outlined in OWASP Top 10
- Strong knowledge of application security throughout the software lifecycle
- Experience developing secure coding practices with C#, Asp.Net (MVC and WebForms), HTML/CSS, SQL Server
- Strong knowledge and experience in securing an application's integration with relational database management systems such as MS SQL
- Proven ability to ensure applications are secure throughout the software lifecycle
- Ability to perform manual and automated testing to identify vulnerabilities using tools such as BurpSuite Pro, Fiddler, Netsparker, etc.
- Knowledge of security in both Linux and Windows environments as it pertains to Web application hosting, middleware (IIS, Apache, Tomcat, PHP, ColdFusion, Ajax), and databases (Oracle, MySQL, MS SQL Servers)
- Knowledge of Docker and Kubernetes
- Excellent communication skills including presentation and documentation
- Strong capability in evaluating application security related products
Educational / Certification / Skills Required
- A Bachelor's degree in Computer Science or related engineering field with training in software security experience.
- Software Security Certifications, such as Certified Secure Software Lifecycle Professional (CSSLP), GIAC (Global Information Assurance Certification), or GSEC (Global Security Essentials Certification), are desired.
- Experience working with cloud technologies (AWS, Azure, SaaS, etc.) is highly desired