Senior Application Security Engineer Job Description
Senior application security engineer
provides guidance for secure coding practices and proactive controls based on OWASP Top 10 and SANS 25.
Senior Application Security Engineer Duties & Responsibilities
To write an effective senior application security engineer job description, begin by listing detailed duties, responsibilities and expectations. We have included senior application security engineer job description templates that you can modify and use.
Sample responsibilities for this position include:
Experience with multiple languages such as Java, C++, PHP, and understand how to detect and remedy related security issues such as OWASP top 10
Ability to understand business requirements and apply security without adversely affecting the desired functionality
Assist with the creation, adoption, and maturation of threat modeling and application security requirements functions and processes
Evaluate and recommend new and emerging application security products and technologies in coordination with the global Application Security group
Coordinate the maintenance of the UK application inventory and risk profiles with delivery teams
Perform manual code reviews, open source software evaluations, and tests as needed
Responsible for maintaining a portfolio of 6-8 simultaneous projects with lifecycles ranging from 2 weeks to 6 months
You would be working with a relatively new team with many fun existing projects and opportunities for you to identify the need for and create new ones
You enjoy learning and working closely with subject matter experts in diverse areas such as microservice architectures, big data, content delivery networks, and a production studio
Provide sound advice and consultancy to internal customers on risk assessment, threat modeling and fixing vulnerabilities
Senior Application Security Engineer Qualifications
Qualifications for a job description may include education, certification, and experience.
Licensing or Certifications for Senior Application Security Engineer
List any licenses or certifications required by the position: CISSP, PCI, AWS, CSSLP, OSCP, GWAPT, GXPN, CAP, PMP, CASE
Education for Senior Application Security Engineer
Typically a job would require a certain level of education.
Employers hiring for the senior application security engineer job most commonly would prefer for their future employee to have a relevant degree such as Bachelor's and Master's Degree in Computer Science, Engineering, Information Security, Technical, Information Technology, Management, Science, Architecture, Technology, Writing
Skills for Senior Application Security Engineer
Desired skills for senior application security engineer include:
Latest OWASP Top 10 and SANS Top 25 vulnerabilities and the corresponding mitigation techniques
Load Balancers
Routers and Content Filters
Application security vulnerabilities
HTML
Python
OWASP Top 10
SSL/TLS
CWE
Java
Desired experience for senior application security engineer includes:
Expertise in e-commerce, distributed systems, and web application security
Strong understanding of web-related technologies
Comprehension of encryption technologies
Cover Letter (optional), which should include why you are interested in working at Blizzard
Experience developing web and mobile applications preferred
In-depth knowledge of communications protocols
Senior Application Security Engineer Examples
1
Senior Application Security Engineer Job Description
Job Description Example
Our growing company is looking to fill the role of senior application security engineer. To join our growing team, please review the list of responsibilities and qualifications.
Responsibilities for senior application security engineer
- Create security test cases and automation in python for all known vulnerabilities so they can be used to prevent other products from having similar issues
- Evangelize security within Egencia and be an advocate for customer partnership
- Recognize, adopt, utilize and teach standard methodologies in security engineering and development
- Develop training materials for specific application security technology training
- Maintain an understanding of the internet threat environment and how it affects Egencia
- Understand the current state of network and application security tools and how they can benefit the company
- Implement and execute a threat modeling program for the enterprise
- Maintain applicable programing language proficiency
- Be a member of on-call incident response team
- Apply defense-in-depth strategies to protect the company and its clients, ensure that every attack vector has multiple ways to be deterred, delayed, denied, detected, and defended
Qualifications for senior application security engineer
- Be able to adapt and be entrepreneurial and solve problems quickly, creatively, and collaboratively
- Familiar with web-related technologies
- Penetration tools such as Kali, Burp Suite, Qualys Guard, Cenzic, Metasploit, OWASP ZED, sqlmap, nosqlmap, WPScan, Nessus, NMAP
- CICD (Continuous Integration Continuous Development) – Circle CI, Jenkins, GitHub
- Must be a self-starter, able to work under pressure and with limited supervision both individually and with other team members
- Finding and remediating application vulnerabilities
2
Senior Application Security Engineer Job Description
Job Description Example
Our company is looking for a senior application security engineer. Please review the list of responsibilities and qualifications. While this is our ideal list, we will consider candidates that do not necessarily have all of the qualifications, but have sufficient experience and talent.
Responsibilities for senior application security engineer
- Performs application security assessments and remediation activities as part of the application security program and ensures application teams adhere to the SDL Framework
- Guides and performs security activities including penetration testing and vulnerability analysis, code review, static and dynamic testing, and ethical hacking
- Participate as a key member in security incident response activities
- Consult with development teams on systems architecture and design security
- Conduct vulnerability and application penetration testing and static code scanning to evaluate potential security weaknesses and manage resulting issues requiring remediation
- Mentor software development teams in remediation of identified security weaknesses
- Review and evaluate the security impact of proposed changes to software systems
- Threat model application architecture, identify required control points in the application, and provide software and solutions design direction
- Research and stay abreast of the latest threats
- Evangelize security and secure development practices
Qualifications for senior application security engineer
- Experience with application security testing using tools such as Checkmarx, Veracode, Fortify, WhiteHat
- Effectively communicating security issues with developers
- Strong application security fundamentals
- Hardening procedures for Microsoft Windows and Linux
- Detailed technical knowledge of application, database and operating system security
- Hands on experience in Cloud based technologies (AWS, AZURE)
3
Senior Application Security Engineer Job Description
Job Description Example
Our growing company is looking to fill the role of senior application security engineer. Thank you in advance for taking a look at the list of responsibilities and qualifications. We look forward to reviewing your resume.
Responsibilities for senior application security engineer
- Verify applications are developed and maintained in line with data security policies
- Participate in responding to security audits and regulatory assessments
- Make recommendations for enhancements to security tools and practices, and for new security tools and practices
- Senior Application Security Systems Engineer will lead and execute tasking in support of the Veterans Affairs (VA) Assessment & Authorization (A&A) process for the VBMS system
- Application Security Engineer on Software Vulnerabilities
- Establish and manage the Application Software Security engineering team
- Lead the development of secure design patterns for adoption by the development community
- Partner with platform architects and reference architecture pattern owners to integrate security goals
- Establish a service to support engineering teams via shared sprints and pair programming on security goals
- Drive the review and remediation of tool / environment impediments to efficient secure coding objectives
Qualifications for senior application security engineer
- Knowledge of a wide breadth of information security topics
- 3-4 years of Android / Android Studio/Android SDK/3rd party SDK based development
- 5 years with Spring/MVC and Spring filter development and J2EE design patterns and IOC
- Hybrid application development using Webviews
- Servlets/JSP/JDBC/JMS/Hibernate/Servlet filters
- Webservice technologies including SOAP/REST/JSON/XML/JAX-RS
4
Senior Application Security Engineer Job Description
Job Description Example
Our innovative and growing company is hiring for a senior application security engineer. To join our growing team, please review the list of responsibilities and qualifications.
Responsibilities for senior application security engineer
- Assess and recommend defensive measures to protect environments through commercial, open-source, or custom built tools
- Develop, adapt and enhance Cloud Security infrastructure patch management
- Perform security audits of products under development including hardware, firmware, software and mobile applications
- Participate in training developers on secure coding and remediation techniques
- Evaluate protocols, libraries, and technologies that are being considered for use in our products and make recommendations and collaborate with developers on which ones to implement and how to implement them securely
- Participate in product specification and architecture planning to ensure that security requirements are identified early on for all projects
- Work with partners/vendors to audit SDKs, improve security testing, and secure product design
- Complete threat modeling and identify security gaps and paths of potential exploitation
- Provide audit status and reports to stakeholders with the ability to balance secure principles and potential exploitation with business needs
- Participate as a technical resource in Product Security Incident Response Team (PSIRT) evaluation and Root Cause Analysis (RCA) of vulnerabilities/exploits sent from external sources
Qualifications for senior application security engineer
- Familiarity with Software management, development and build frameworks including Jenkins, Maven, Git/SVN, common IDE’s
- Exposure to Cloud based environments and single and multi tenant services
- Good understanding of PKI, X.509, certificate management, TLS, multi-factor and federated authentication
- Exposure to Web Application vulnerabilities and their protection
- Exposure to crypto technologies ( AES/ SHA/ FPE ) and algorithms
- Certifications such as CEH, CSSLP, CISSP, GIAC (GWAPT, GMOB)
5
Senior Application Security Engineer Job Description
Job Description Example
Our company is searching for experienced candidates for the position of senior application security engineer. Thank you in advance for taking a look at the list of responsibilities and qualifications. We look forward to reviewing your resume.
Responsibilities for senior application security engineer
- Join a new team focused on Application Security and Software Assurance
- Lead the engineering and introduction of new security services for application developers
- Define and capture metrics to support security in the software development lifecycle
- Act as point of contact for software security services questions and support
- Assist with security and compliance projects on an ad-hoc basis
- Work with security analysts and developers to continuously improve AppDev security services
- Penetration testing tools and capabilities
- Application architecture and software composition analysis
- Integration of leading edge threat intelligence with application development
- How to define meaningful metrics that lead to a reduction in security flaws
Qualifications for senior application security engineer
- A minimum of 5-year professional programming experience in statically typed languages (C/C++, Java, C#)
- Familiarity with Web-related technologies
- At least one (1) year of hands-on experience evaluating the security of applications using both manual and automated techniques
- Mobile Application Security on iOS and/or Android devices
- Knowledge of cryptographic solutions for protection of data in use, in transit and at rest, such as
- Experience with Node.js (Experience past school, Enterprise Application Experience)