Monday, December 18, 2017

Senior Application Security Engineer

Position: Senior Application Security Engineer
Location: Newark, CA
Type : Fulltime/Direct Hire

Ensuring web applications, APIs and cloud services are planned, designed, developed, implemented, and monitored in accordance with security controls related to SOC 2, ISO 27001 and the Information Security Policy
Developing, implementing and monitoring enterprise information security architectures and solutions.
Designing and automating assessments through penetration testing and ethical hacking, then analyzing security risks and recommending mitigating and compensating security controls.
Working closely with the Security Operations Center to develop new incident response plans and playbooks related to web application security threats.
Working closely with engineering and QA to ensure security principles are enforced in all stages of the software development lifecycle.
Participating in source code reviews and providing assessments of changes to application design and architecture prior to release to production.
Working closely with cross functional teams to embed security, logging, auditing, and support all applications hosted within the corporate and cloud environments.
Performing assessments of security tools, vendors and solutions to support information security roadmap initiatives.
Help develop and deliver training around secure development lifecycle and secure coding practice.
Performing internal penetration testing working closely with the engineering team to assess and prioritize discovered security issues and vulnerabilities.
Maintain and support application security tools, including static and dynamic security analysis solutions, and develop related documentation.

Minimum 7+ years of experience in Information Security with an emphasis on application security.
At least one security related certification, such as CISSP, GIAC, CSSLP, required.  CISSP or CEH strongly preferred.
Experience with the development, deployment, and automation of application security solutions in an enterprise cloud based environment
Experience in DevOps environments and maintaining security in CI/CD processes highly desired.
Solid understanding of Microsoft Azure architecture and services
Deep understanding of OWASP Top 10 and CWE/SANS Top 25.
Demonstrated proficiency in ethical hacking and whitehat penetration testing techniques.
Knowledge of technical security control environments and compliance frameworks including CSA CCM, ISO 270001 and SOC 2
Hands-on technical proficiency with Burp Suite, Metasploit and Kali Linux highly preferred.
In-Depth knowledge of web application architecture, API development, and MVS frameworks required
Proven ability to manage priorities & deadlines and to work independently in a highly dynamic and diverse environment with multiple concurrent projects happening simultaneously.
Experience in creating detailed solution design documents & diagrams
Demonstrated experience in investigating security issues related to web application exploits, credential stealing and authentication-based exploits
Demonstrated ability to facilitate automation and integration through scripting in Powershell, Python, Perl, etc, highly preferred.
Demonstrated proficiency in JavaScript, HTML, PHP or Python.  Programming experience in Java, C++ or C highly preferred.
Familiar with threat models for large, distributed systems and cloud-based SaaS infrastructure.

Chetan Gusain
Diligente Technologies | Santa Clara, CA | 95054
Direct: 408.689.2083 I Fax: 650.745.3257