Titile: Application Security Engineer
Location: Remote
Job Description:
We are seeking a skilled Application Security Engineer (AppSec) with expertise in Secure Software Development Life Cycle (SSDLC) and DevSecOps practices to join our team. The ideal candidate will have a strong background and practical experience in the planning, implementation and standardization of S-SDL practices including secure coding standards, SAST, DAST, automated testing (CI/CD) for our product application teams and preferably possess knowledge of Synopsys Black Duck Software Composition Analysis (SCA) and related technologies.
Responsibilities:
1. Provide guidance, technical and procedural knowledge as to implement and maintain Secure Software Development Life Cycle (SSDLC) processes throughout the software development lifecycle. Provide guidance and support to development teams on secure coding practices and security best practices.
2. Collaborate with product development teams to standardize integrated security functions into DevOps practices (DevSecOps) and CI/CD pipelines.
3. Conduct security assessments, code reviews, and penetration testing to identify and remediate security vulnerabilities.
4. Assist in the development and implementation of security controls and measures to protect applications and data by identifying and addressing code vulnerabilities and deficiencies via CI/CD.
6. Utilize tools such as Black Duck SCA to create Software Bill of Materials (SBOM) to identify and manage open-source software components, dependencies & vulnerability attributions and priorities.
7. Stay updated on industry trends, emerging threats, and best practices in application security and secure-coding methodologies.
Requirements:
1. Bachelor's degree in Computer Science, Information Security, or related field.
2. Proven experience in application security, with a focus on secure software development practices.
3. Strong understanding of Secure Software Development Life Cycle (SSDLC) principles and methodologies.
4. Experience with DevSecOps practices within an enterprise context and integrating security into CI/CD pipelines.
5. Ability to engage and work closely with other technical and non-technical team members to align on plans and expected outcomes.
5. Knowledge of common application security vulnerabilities and attack vectors.
6. Familiarity with tools such as Synopsys Black Duck SCA, Open-Source Security & generating Software Bill of Materials (SBOM) is a plus.
7. Excellent communication and collaboration skills, with the ability to work effectively in cross-functional teams.
8. Relevant certifications such as Certified Information Systems Security Professional (CISSP) or specific Application Security disciplines such as C|ASE or W|AHS a plus.