Application Security Engineer - North Central region Remote in the U.S.
Roles and Responsibilities: Run client SAST/DAST/SCA tools, review outputs and provide recommendations. Work with development teams to identify and remediate security vulnerabilities. Provide security guidance during the software development lifecycle (SDLC). Identify, track, and prioritize security vulnerabilities. Validate fixes and conduct retesting. Implement and maintain application security tools and scanning solutions. Create reports for technical and non-technical stakeholders. Experience Requirements:
- 2-3 years experience working in Application Security
- Understanding of Integrated Development Environment (IDE) and Continuous integration / Continuous Delivery (CI/CD) Pipeline tools and processes (e.g. GitHub, etc.)
- Strong working knowledge of Secure Development Lifecycles and experience remediating technical vulnerabilities identified by web application scanning tools, Information Systems architecture, security control design, and development experience
- Deep knowledge of manual testing tools such as Burp Suite Pro
- Knowledge of and experience with SAST/DAST/SCA Application Security tools. Invicti (DAST) or Checkmarx (SAST/SCA) experience highly preferred
- Experience with the integration of tools into development pipelines
- Understanding of a broad range of Application Security issues as well as their mitigation strategies
- Understanding of Application Security related vulnerabilities
- Experience with reviewing source code written in JavaScript, Python, Java, C++, PHP, or C# a plus
Written Communication Skills: Written communication skills for written interactions with clients. Strong communication skills that include the ability to clearly articulate thoughts and distill complex problems into digestible pieces of information. Personal Qualities: Personal drive and passion to not only continue growing yourself but also the Application Security Engineering practice. Education and Certifications: Bachelors degree in Computer Science or Information Security preferred. Standard industry certifications are preferred. Remote Skills: Applications Security, C++ Programming Language, Code Reviews, Communication Skills, Computer Science, Computer Security, Continuous Deployment/Delivery, Continuous Integration, Customer Relations, Establish Priorities, GitHub, IDE (Integrated Development Environment), Information Architecture, Information/Data Security (InfoSec), Internet Application, Internet Security, Java, JavaScript, Microsoft C# (C Sharp), PHP Scripting Language (PHP Hypertext Preprocessor), Product Lifecycle, Python Programming/Scripting Language, Reporting Skills, Security Architecture, Security Design, Security Monitoring, Software Administration, Software Development Lifecycle (SDLC), Software Engineering, Software Testing, System Architecture, Team Player, Test Tools, Writing Skills About the Company: Guidepoint Security LLC Apply To This Job