We are currently seeking a Senior Application Security Developer to join our Information Security team.
Are you someone who enjoys collaborating with software developers, breaking code and building security tools to support our product team? If you have a development background with a passion for security and experience in cloud-first environments, then we want to talk to you.
What you'll be doing...
- Implement and integrate security solutions (e.g. SAST, DAST, OSS) into CI/CD workflows including Veracode, BlackDuck, and JFrog Xray.
- Whitebox testing to identify security vulnerabilities with a focus on OWASP Top 10 and SANS Top 25 issues.
- Remediate identified security vulnerabilities from ongoing vulnerability assessments and penetration tests, collaborating with the development organization as needed.
- Enhance application logging to provide more visibility into potential security issues.
- Perform threat model assessments with the Development organization using the STRIDE model.
- Conduct red teaming exercises, including the use of penetration testing techniques for network and application assessments, comprehensive testing with Metasploit, BurpSuite, and custom scripts/exploits, and attempted data exfiltration using a variety of methods.
- Perform network infrastructure vulnerability and penetration tests.
What you'll bring to the table...
- A Bachelor’s Degree in Computer Science, Engineering, Mathematics or similar field with an excellent academic record in Computer Science courses.
- Experience using vulnerability tools (e.g. Nexpose, Metasploit, AppSpider, BurpSuite).
- Knowledge and understanding of security engineering, system and network security, authentication and security protocols, cryptography, and application security.
- A strong curiosity to see if you can beat the defenses developers and security architects have put in place.
- Ability to work quickly to meet deadlines in a fast-paced environment.
- Commitment to highly secure and reliable infrastructure and applications – we find and fix all vulnerabilities before they make it into production.