JOB TITLE: Senior Application Security Engineer
LOCATION: Location Agnostic
Reports to: Information Security Manager
Key Relationships and Stakeholders:
You will work under the Information Security function and very closely with Product Owners, Software Engineers, DevOps Engineers and Software Quality Engineers, among other cross-functional teams within existing squads, to deliver high-quality secure software releases.
JOB DESCRIPTION:
Application Security Engineers work closely with cross-functional teams to ensure that Cellulant’s products are secure. As an application security engineer, you will be required to define security controls and design requirements during the product development and software build stage of the software lifecycle. You will also be required to lead the review of these controls into the software before deployment into production systems.
In this position, you are a passionate and talented application security engineer with a very deep understanding of out-of-the-box business logic vulnerabilities, OWASP, CWE 25, API Security, Mobile App Security, Data Protection, and best practices design and threat modeling skills who can work in a dynamic environment. You must be agile to produce secure code in short time frames and be willing to go beyond the standard routine.
Duties & Responsibilities
The role holder would be responsible for the following:
- Identifying new or evolving business logic issues in a range of applications and creating complementary remediation plans.
- Performing security-focused code reviews, including for static, dynamic and runtime issues.
- Supporting and consulting with product, development and operations teams in the area of application security, including threat modeling.
- Assisting engineering teams in reproducing, triaging, and addressing application security vulnerabilities.
- Assisting in the development of security processes and automated tooling that prevent classes of security issues.
- Leading both critical and regular security releases.
- Leading the development of automated security testing to validate that secure coding best practices are being used.
- Guiding and advising product development teams as a SME in the area of application security.
- Developing secure application development training and socializing the material with internal product and engineering teams.
- Participating and assisting in initiatives to holistically improve the quality and security across our product spectrum.
Qualification:
- More than 5 Years of Experience in Application Security, SSDLC and Threat Modeling with an MS/BS degree in Information System Management / Computer Science / Information Security or a related technical discipline with at least 3 years of Software Development experience
- MUST have a deep understanding of OWASP Top 10 (Web, Mobile and API) and CWE 25; with a proven track record and experience in implementing and integrating remediation strategies
- MUST be able to identify out-of-the-box business logic vulnerabilities/issues and swiftly design remediation strategies
- Well-versed in application design, penetration testing, application risk assessment and risk categorization
- Above average understanding of Open APIs and the best practices for securing them
- Experience in managing application security testing tools like SAST, DAST, RASP and Open Source Vulnerability Scanning
- Solid problem-solving and analytical skills; able to quickly digest any issue/problem encountered and recommend an appropriate solution.
- Able to work well with cross-functional teams.
- Experience identifying security issues through code reviews.
- Excellent and professional communication skills (written and verbal) with an ability to articulate complex topics in a clear and concise manner.
- Familiarity with common security libraries and tools (e.g. static analysis tools, proxying / penetration testing tools).
- Familiarity with and ability to explain common security flaws and ways to address them (e.g. OWASP Top 10 and business logic vulnerabilities).
- Good development or scripting experience and skills. Java, SpringBoot, JavaScript, and/or Python are preferred.
- A basic understanding of network and web-related protocols (such as TCP/IP, UDP, HTTP, HTTPS).
- CI/CD (Continuous Integration – Continuous Development) – Circle CI, Jenkins, GitHub
- Must be a self-starter, able to work under pressure and with limited supervision both individually and with other team members
- Must be able to put together basic reports for all security tests conducted
Must have experience:
- Must be a self-starter, able to work under pressure and with limited supervision both individually and with other team members
- Must be able to put together basic reports for all security tests conducted
- MUST have a deep understanding of OWASP Top 10 (Web, Mobile and API) and CWE 25; with a proven track record and experience in implementing and integrating remediation strategies
- MUST be able to identify out-of-the-box business logic vulnerabilities/issues and swiftly design remediation strategies
Nice-to-have experience:
- Experience working in Agile teams
- Experience in Linux operating systems
- Excellent organization and time management skills and ability to work independently with minimal supervision
- Must be able to work in a fast-paced environment and manage priorities and multi-task
Skills:
- Exceptional storytelling skills.
- Creative problem-solving & project management skills
- The ability to connect the dots between mediums and disciplines (and people)
- Top-notch communication skills, including the ability to present ideas compellingly both internally and externally
- Excellent organisation and time management skills
- A deep understanding of brand development as well as both traditional and digital marketing
- Attentiveness, empathy, and the eagerness to constantly learn new things
- Strong aesthetic skills with the ability to combine various colours, fonts and layouts
- Ability to work effectively with colleagues at all levels.
- You are creative, innovative, and always think outside the box
- Ability to multitask and work in a fast-paced environment
- Excellent cross-organization collaboration skills.
Personal Attributes:
- A willingness from the outset to take ownership of projects and push them as far as they can, all while taking constructive feedback from the team
- Ability to meet deadlines and collaborate with team members.
- Self-starter with a capacity to show initiative, good judgment and resourcefulness

If you don’t hear back from us within 14 days from your application, please consider your application unsuccessful.
How to Apply