Summary
The Application Security Engineer will work within the Online Security team working to ensure applications are secure at every stage of their lifecycle. The engineer will work closely with development teams ensuring security is integrated holistically into development practices with the goal of providing a secure experience for our employees and customers.
Essential Responsibilities
· Application security assessments, including blackbox/penetration testing, architecture/design review, and code review
· Ability to understand, reproduce and demonstrate identified application security vulnerabilities
· Ability to identify and explain risks and remediation strategies for common application security vulnerabilities such as SQL Injection, Cross Site Scripting, Cross Site Request Forgery
· Consulting with development and engineering teams to ensure secure design, implementation and deployment of online application
· Development and refinement of internal methodologies, standards, tools, and security best practices
· Proactively learning and utilizing new technologies, concepts and procedures as appropriate to project requirements
· Developing a working understanding of the environment and how security fits into the bigger picture
· Evaluating, testing and proposing next-generation technology related to application security
· Ability and desire to keeping up with the latest trends in the security community
Required Skills/Experience
· Bachelor's Degree in Computer Engineering, Computer Science or related field
· Experience in application/software security or development
· Strong interest in security
· Strong interest in how to best visualize data
· Strong team player who collaborates well with others to solve problems and actively incorporates input from various sources
· Possesses strong analytical skills, communicates in a clear and succinct manner, and effectively evaluates information/data to make decisions
· Can anticipates obstacles and develops plans to resolve
· Strong speaking and writing skills
Desired Skills/Experience
· Working knowledge of commonly used security tools such as HTTP proxies, application/network vulnerability scanners, other toolkits. Examples include Burp, AppScan, Nessus and Metasploit
· Experience with Ruby, Ruby on Rails and Java
· Knowledge of compliance issues and IT auditing (PCI, HIPAA, SOX)
· Knowledge and experience with security data visualization tools and methodologies
· Ability to understand and identify specific concerns for native mobile applications and web based APIs