Application Security Engineer
Join one of the world's highest-performing hedge funds. The Application Security Engineer will work with the Information Security team and partner with business and technology teams in the assessment, design, deployment and secure lifecycle management of internally and externally developed applications to ensure the most appropriate safeguards and technical security controls are in place and fit for purpose.
Responsibilities include the design and execution of secure code assessments with various application teams and third parties with an emphasis on security integration into the development CI/CD toolchain. The ideal candidate will be responsible for elements of the application security control stack across their lifecycle.
You will have broad experience across a number of development frameworks, languages and platforms, including mobile, and this will be put to the test as you perform and/or coordinate code reviews with developers, build threat models, develop and execute security assessments, and assist with remediation efforts, which may include incident response.
- Perform application and environment security testing, evaluation, and hardening.
- Conduct automated static and dynamic code analysis with report creation and delivery.
- Coordinate penetration testing and remediation efforts with application development and systems support teams.
- Develop internal automation and integrations with implemented security services.
- Collaborate with development teams to effectively maintain security in the SDLC and CI/CD pipelines following industry best practices.
- Develop internal compliance documentation.
Required Skills and Experience
- 5+ years of experience in application security: web application, mobile, stand-alone, etc.
- Knowledge and 5+ years of experience in Secure SDLC & DevSecOps to support the Continuous Integration and Continuous Deployment (CI/CD) activities of multiple software teams who design, develop, and deploy advanced cybersecurity capabilities.
- Experience in application development with one or more modern programming languages.
- Thorough knowledge of RESTful API design/development.
- Solid understanding of web application security principles and frameworks, including OWASP Top 10, SANS 25, NIST 800-44.
- Hands-on familiarity with running security tools, such as:
  - DAST: IBM AppScan Standard / Enterprise, HP WebInspect, Acunetix WVS, W3AF, PortSwigger Burp Proxy Pro, OWASP Zed Attack Proxy.
  - SAST: IBM AppScan Source Scanner, HP Fortify, Checkmarx.
  - IAST: Aspect Security Contrast.
- Strong experience of application penetration testing, common vulnerability analysis techniques and information security threat vectors.
- Strong experience with fuzzing, reverse engineering, and advanced exploitation techniques, using tools such as WinDbg, GDB, Wireshark, IDA Pro, Ghidra, Binary Ninja, etc.
- Experience with Cloud IaaS and PaaS platforms, specifically AWS, Azure and GCP.