Location: San Francisco, CA / Pleasanton, CA
Senior Application Security Engineer SE III (164160)
Candidate can work in either San Francisco or Pleasanton
- The Senior Application Security Engineer works as a member of the Security Engineering team within the Information Security team.
- The Security Engineering team is part of the Enterprise IT organization, working closely with corporate and e-commerce application development, network engineering, and operations teams across the IT enterprise.
- The Senior Application Security Engineer ensures that new and existing web applications and third-party vendor applications are implemented in a manner that protects information assets while complying with Information Security policies, standards and design patterns.
- Performs static/dynamic code testing, manual code inspection, threat modeling, design reviews and penetration testing of internal web applications and external partner applications to identify vulnerabilities and security defects.
- Supports the implementation and enforcement of secure design principles according to policies, standards, and patterns of Information Security.
- Serves as a Subject Matter Expert (SME) in web application development and security practices for enterprise projects during the development phases, providing Information Security consulting and recommendations and ensuring that approved security requirements are implemented.
- Develops and implements manual and automated web application security testing frameworks to enforce security standards.
- Works with security product vendors and service providers to evaluate security offerings, including product evaluations, proofs of concept and pilot installations.
- Bachelor's degree in Computer Science, Software Engineering or related field or equivalent combination of education and experience.
- 5-7 years of experience in penetration testing and secure code review, including static, dynamic and manual source code analysis.
- Experience identifying and remediating common web application vulnerabilities such as those in the OWASP Top 10.
- Experience with commercial and open source penetration testing tools and methodologies, and with penetration testing of web applications and operating systems.
- Familiarity with APT attacks and kill chains.
- Experience with various code repositories including GitHub and Apache Subversion (SVN).
- Experience with continuous integration servers such as Jenkins and ElectricCommander.