Application Security Engineer

Gravity IT Resources

Apply Now

Job Title:  Application Security Engineer

Location: Remote

Job-Type: Permanent

Referral Fee: $3,000

Employment Eligibility: Gravity cannot transfer nor sponsor a work visa for this position. Applicants must be eligible to work in the U.S. for any employer directly (we are not open to contract or “corp to corp” agreements).

Position Overview:

Application engineer will help drive and develop improvements to the application security program.  You will the technology and business organizations as well as fellow security team members to protect customers and their data by helping build and operate secure systems. The Application Security team is responsible for measures to improve and ensure the security of web, mobile, code and related components in customer facing products. The team owns secure development standards and training, security testing tools focused on the application layer (e.g., SAST, DAST, IAST, SCA), threat modeling, penetration testing, red team, vulnerability management programs, cloud security, and infrastructure-as-code (IaC) security. Application Security works in collaboration with other teams within the Information Security organization, including infrastructure and cloud security, vulnerability management, network security, security operations/incident response, and security compliance.

Duties & Responsibilities:

  • Perform management on automated security testing tools; maintain relationships with product vendors.
  • Review source code, software/system designs, and consult with engineers across the organization to identify and/or avoid security issues through alignment with security standards and best practices.
  • Perform manual security testing to uncover harder-to-find security flaws in new/existing features and system components.
  • Implement cloud and application security and contribute to program strategy and roadmap plans.
  • Run through threat modeling and adversary emulation exercises to ensure optimized security design decisions are being made.
  • Document and improve secure development lifecycle processes, standards, and guidelines.
  • Provide guidance to engineers and developers on security topics.
  • Help with internal purple and red team exercises to proactively evaluate environments for security flaws.
  • Leverage your accumulated subject matter expertise on existing and future applications, systems, and infrastructure to propose design patterns and drive architectural improvements which address security flaws.

 

Required Experience & Skills:

  • Bachelor’s degree in business, Information Systems, Computer Science, or technology-related field preferred.
  • Desired security certifications include: AWS Cloud Practitioner, Cisco CyberOps Associate, Cisco Certified Network Associate (CCNA), CompTIA Security+, CompTIA Network+, ISC2 Entry-Level, ISC2, GIAC, EC-Council, CompTIA, Cloud, Certified Ethical Hacker (CEH).
  • Worked 3+ years as a security engineer in infrastructure, cloud, and application security.
  • Has supported assessing/securing complex environments.
  • Experience writing IaC (Infrastructure as Code). As well as experience with containers and container orchestration.
  • Strong familiarity with Cloud, Linux, Windows, and similar infrastructure/technologies.
  • Solid understanding of networking.

Apply Now