Application Security Engineer
JOB DESCRIPTION:
Application Security Engineers work closely with development teams, product managers (PM), and Quality Engineers to ensure that Cellulant’s products are secure. As an application security engineer, you will be required to set security controls and design requirements during the software creation and development stage of the software lifecycle. You will also be required to lead the integration of these designs into the software.
In this position, you are a passionate and talented application security engineer with a very deep understanding of OWASP, CWE 25, Data Protection, Access management software vulnerabilities, and best practices design and threat modeling skills who can work in a dynamic environment. You must be dedicated and able to work with developers in producing secure code in short time frames and be willing to go beyond the standard routine.
You will work closely with Software Engineers, DevOps Engineers, Software Quality Engineers and Product Managers within existing product teams to deliver high-quality software releases.
Duties & Responsibilities
- Performing security-focused code reviews.
- Supporting and consulting with product and development teams in the area of application security, including threat modeling and application security reviews.
- Assisting teams in reproducing, triaging, and addressing application security vulnerabilities.
- Assisting in the development of security processes and automated tooling that prevent classes of security issues.
- Leading both critical and regular security releases.
- Leading application security reviews and threat modeling, including code review and dynamic testing.
- Leading the development of automated security testing to validate that secure coding best practices are being used.
- Guiding and advising product development teams as SMEs in the area of application security.
- Developing security training and socializing the material with internal development teams.
- Participating and assisting in initiatives to holistically address multiple vulnerabilities found across our product spectrum.
Qualifications
Must have experience:
- 3-5 Years of Experience in Application Security, SSDLC, and Threat Modelling with an MS/BS degree in Information System Management / Computer Science / Information Security or a related technical discipline with at least 2 years of Software Development experience.
- MUST have a deep understanding of OWASP Top 10 and CWE 25, with a proven track record and experience in implementing and integrating remediation strategies.
- Well-versed in application design, penetration testing, application risk assessment, and risk categorization.
- Experience in managing application security testing tools like SAST, DAST and Open Source Vulnerability Scanning.
- Solid problem-solving and analytical skills; able to quickly digest any issue/problem encountered and recommend an appropriate solution.
- Able to work well with software engineering teams.
- Experience identifying security issues through code reviews.
- Excellent and professional communication skills (written and verbal) with an ability to articulate complex topics in a clear and concise manner.
- Familiarity with some common security libraries and tools (e.g. static analysis tools, proxying / penetration testing tools).
- Familiarity with and ability to explain common security flaws and ways to address them (e.g. OWASP Top 10).
- Good development or scripting experience and skills. Java, Spring Boot, JavaScript, and/or Python are preferred.
- A basic understanding of network and web-related protocols (such as TCP/IP, UDP, HTTP, and HTTPS).
- CI/CD (Continuous Integration Continuous Development) – Circle CI, Jenkins, GitHub.
- Must be a self-starter, able to work under pressure and with limited supervision both individually and with other team members.
Experience that will count in your favor:
- Experience working in Agile teams.
- Experience in Linux operating systems.
- Excellent organization and time management skills and ability to work independently with minimal supervision.
- Must be able to work in a fast-paced environment, manage priorities, and multi-task.
How to Apply