Senior Application Security Engineer Job Description
Senior Application Security Engineer Duties & Responsibilities
To write an effective senior application security engineer job description, begin by listing detailed duties, responsibilities and expectations. We have included senior application security engineer job description templates that you can modify and use.
Sample responsibilities for this position include:
Senior Application Security Engineer Qualifications
Qualifications for a job description may include education, certification, and experience.
Licensing or Certifications for Senior Application Security Engineer
List any licenses or certifications required by the position: CISSP, PCI, AWS, CSSLP, OSCP, GWAPT, GXPN, CAP, PMP, CASE
Education for Senior Application Security Engineer
Typically a job would require a certain level of education.
Employers hiring for the senior application security engineer job most commonly prefer candidates with a relevant degree, such as a Bachelor's and Master's Degree in Computer Science, Engineering, Information Security, Technical, Information Technology, Management, Science, Architecture, Technology, Writing.
Skills for Senior Application Security Engineer
Desired skills for senior application security engineer include:
Desired experience for senior application security engineer includes:
Senior Application Security Engineer Examples
Senior Application Security Engineer Job Description
- Create security test cases and automation in Python for all known vulnerabilities so they can be used to prevent other products from having similar issues
- Evangelize security within Egencia and be an advocate for customer partnership
- Recognize, adopt, utilize and teach standard methodologies in security engineering and development
- Develop training materials for specific application security technology training
- Maintain an understanding of the internet threat environment and how it affects Egencia
- Understand the current state of network and application security tools and how they can benefit the company
- Implement and execute a threat modeling program for the enterprise
- Maintain applicable programming language proficiency
- Be a member of on-call incident response team
- Apply defense-in-depth strategies to protect the company and its clients, ensuring that every attack vector has multiple ways to be deterred, delayed, denied, detected, and defended
- Be able to adapt and be entrepreneurial and solve problems quickly, creatively, and collaboratively
- Familiar with web-related technologies
- Penetration tools such as Kali, Burp Suite, QualysGuard, Cenzic, Metasploit, OWASP Zed Attack Proxy, sqlmap, nosqlmap, WPScan, Nessus, Nmap
- CI/CD (Continuous Integration Continuous Development) – CircleCI, Jenkins, GitHub
- Must be a self-starter, able to work under pressure and with limited supervision both individually and with other team members
- Finding and remediating application vulnerabilities
Senior Application Security Engineer Job Description
- Performs application security assessments and remediation activities as part of the application security program and ensures application teams adhere to the SDL Framework
- Guides and performs security activities including penetration testing and vulnerability analysis, code review, static and dynamic testing, and ethical hacking
- Participate as a key member in security incident response activities
- Consult with development teams on systems architecture and design security
- Conduct vulnerability and application penetration testing and static code scanning to evaluate potential security weaknesses and manage resulting issues requiring remediation
- Mentor software development teams in remediation of identified security weaknesses
- Review and evaluate the security impact of proposed changes to software systems
- Threat model application architecture, identify required control points in the application, and provide software and solutions design direction
- Research and stay abreast of the latest threats
- Evangelize security and secure development practices
- Experience with application security testing using tools such as Checkmarx, Veracode, Fortify, WhiteHat
- Effectively communicating security issues with developers
- Strong application security fundamentals
- Hardening procedures for Microsoft Windows and Linux
- Detailed technical knowledge of application, database and operating system security
- Hands-on experience in cloud-based technologies (AWS, Azure)
Senior Application Security Engineer Job Description
- Verify applications are developed and maintained in line with data security policies
- Participate in responding to security audits and regulatory assessments
- Make recommendations for enhancements to security tools and practices, and for new security tools and practices
- Senior Application Security Systems Engineer will lead and execute tasking in support of the Veterans Affairs (VA) Assessment & Authorization (A&A) process for the VBMS system
- Application Security Engineer on Software Vulnerabilities
- Establish and manage the Application Software Security engineering team
- Lead the development of secure design patterns for adoption by the development community
- Partner with platform architects and reference architecture pattern owners to integrate security goals
- Establish a service to support engineering teams via shared sprints and pair programming on security goals
- Drive the review and remediation of tool / environment impediments to efficient secure coding objectives
- Knowledge of a wide breadth of information security topics
- 3-4 years of Android/Android Studio/Android SDK/3rd-party SDK based development
- 5 years with Spring/MVC and Spring filter development and J2EE design patterns and IOC
- Hybrid application development using Webviews
- Servlets/JSP/JDBC/JMS/Hibernate/Servlet filters
- Webservice technologies including SOAP/REST/JSON/XML/JAX-RS
Senior Application Security Engineer Job Description
- Assess and recommend defensive measures to protect environments through commercial, open-source, or custom built tools
- Develop, adapt and enhance Cloud Security infrastructure patch management
- Perform security audits of products under development including hardware, firmware, software and mobile applications
- Participate in training developers on secure coding and remediation techniques
- Evaluate protocols, libraries, and technologies that are being considered for use in our products and make recommendations and collaborate with developers on which ones to implement and how to implement them securely
- Participate in product specification and architecture planning to ensure that security requirements are identified early on for all projects
- Work with partners/vendors to audit SDKs, improve security testing, and secure product design
- Complete threat modeling and identify security gaps and paths of potential exploitation
- Provide audit status and reports to stakeholders with the ability to balance secure principles and potential exploitation with business needs
- Participate as a technical resource in Product Security Incident Response Team (PSIRT) evaluation and Root Cause Analysis (RCA) of vulnerabilities/exploits sent from external sources
- Familiarity with software management, development and build frameworks including Jenkins, Maven, Git/SVN, common IDEs
- Exposure to cloud-based environments and single- and multi-tenant services
- Good understanding of PKI, X.509, certificate management, TLS, multi-factor and federated authentication
- Exposure to Web Application vulnerabilities and their protection
- Exposure to crypto technologies (AES/SHA/FPE) and algorithms
- Certifications such as CEH, CSSLP, CISSP, GIAC (GWAPT, GMOB)
Senior Application Security Engineer Job Description
- Join a new team focused on Application Security and Software Assurance
- Lead the engineering and introduction of new security services for application developers
- Define and capture metrics to support security in the software development lifecycle
- Act as point of contact for software security services questions and support
- Assist with security and compliance projects on an ad-hoc basis
- Work with security analysts and developers to continuously improve AppDev security services
- Penetration testing tools and capabilities
- Application architecture and software composition analysis
- Integration of leading edge threat intelligence with application development
- How to define meaningful metrics that lead to a reduction in security flaws
- A minimum of 5 years of professional programming experience in statically typed languages (C/C++, Java, C#)
- Familiarity with Web-related technologies
- At least one (1) year of hands-on experience evaluating the security of applications using both manual and automated techniques
- Mobile Application Security on iOS and/or Android devices
- Knowledge of cryptographic solutions for protection of data in use, in transit and at rest, such as
- Experience with Node.js (Experience past school, Enterprise Application Experience)