Sr. Application Security Engineer
Location: San Mateo, CA or San Francisco, CA
Salary: $150-200+K + Stock Options
Telecommuting: 1 day/week
The recognized SaaS industry leader in its market is looking for a Sr. Application Security Engineer. The company has been in business for 11 years, earns $100+ million in revenue per year, has 1000+ global clients (such as Dell, Box.com and General Motors) and has 800+ employees. The company has been named the leader in its industry by Forrester Research, has been valued at $1+ billion and won Glassdoor's 2018 Best Places to Work.
The Application/Software Security Engineer will join a growing Security team that has overall responsibility for securing mission-critical, extremely high-volume SaaS products running on AWS. The Application Security Engineer will be primarily responsible for securing SaaS web applications in 2 areas:
1. Static Application Security Testing (SAST): Research, select, design, implement and manage SAST tools that analyze source code and/or compiled code to help find security flaws (e.g. OWASP SonarQube, Orizon, Lapse, O2, OWASP Web, etc.).
2. Dynamic Application Security Testing (DAST): Research, select, design, implement and manage DAST web application vulnerability scanners and automated tools that scan SaaS web applications for security vulnerabilities such as cross-site scripting, SQL injection, command injection, path traversal and insecure server configuration (e.g. IBM AppScan, Burp Suite, Rapid7 Nexpose, QualysGuard, Retina, OWASP Zed Attack, etc.).
3. Runtime Application Self-Protection (RASP) application testing: Utilize tCell to protect web apps deployed in AWS.
The Application Security Engineer will be responsible for designing and implementing security policies, processes, procedures and security audit/review processes as they relate to the software development lifecycle of existing and new SaaS products and features built by the current Java development teams.
The Application Security Engineer will report directly to the Director of Security.
The company offers a matching 401(k), full benefits (PPO & HMO) including medical, dental and vision, HSA/FSA, 15 PTO days, 10 paid holidays, short- and long-term disability, life insurance, an Employee Assistance Program, public transportation and transit subsidies, student loan discounts, a fitness reimbursement program, healthy snacks, UrbanSitter, extended maternity leave, casual dress, paid parking (or public transportation subsidization) and flexible work hours, all of which start upon employment.
· Must have experience securing the SDLC in a Cloud environment (preferably AWS)
· Must have experience with 1 or more of the following:
o SAST: Static Application Security Testing tools
o DAST: Dynamic Application Security Testing tools
o RASP: Runtime Application Self-Protection tools
· Must have experience writing automated testing tools using Python, Ruby, GoLang, etc. (preferably ones that integrate with AWS)
· Any experience with AWS API and CLI to automate tasks is a plus
· Any experience with IAST (interactive application security testing) is a plus
· Any experience with the following AWS security services is a plus: AWS CloudHSM, AWS Config, AWS IAM, Amazon GuardDuty, Amazon Inspector, AWS Key Management Service, Amazon Macie, AWS Shield, AWS Security Groups, Cloud Directory and any other necessary AWS security services