Application Security Engineer

Job Description

• Defines specifications and develop code and utilities, modifies existing programs, prepares test data, and prepares functional specifications.
• Establishes, participates, and maintains relationships with customers and subject matter experts to remain apprised of direction, architectural and technology trends, risks, and functional / integration issues.
• Analyzes, designs, develops, codes and implements programs in one or more programming languages, for Web and Rich Internet Applications.

Create various automated security integration solutions.

• Work with the API Management platforms to develop APIs, Products, Plans, etc. and test them.
• Develop UI and API functionality in languages including, but not limited to JavaScript, TypeScript and python.
• Work with application development personnel and other technical team members to review existing and / or new APIs / web services in support of quality implementations that align with Security policies, procedures, and generally-accepted best practices.
• Work closely with DevOps and cloud infrastructure architects and engineers to design, implement and manage secure, scalable, and reliable cloud infrastructure environments.
• Participates as a technology advisor to collaborate with Agile squads to deliver business benefits with effective and efficient use of technology Platform(s)
• Ensures teams are validating for OWASP and performing industry leading application security practices.
• Performs application program interface security assessments and remediation activities as part of the API security program.
• Leverages the enterprise SSDLC processes and toolset.

Skills :

• Bachelors degree in Computer Science, Computer Engineering, Technology, Information Systems (CIS / MIS), Engineering or related technical discipline, or equivalent experience / training
• 2 years of experience working as a frontend or backend software developer
• API : Experience with HashiCorp Vault APIs, Cloud APIs and API gateway
• Experience as a developer on a team consisting of five or more software developers
• Ability to conduct independent research
• Broad understanding of web service implementation paradigms (REST, SOAP)
• Basic understanding of Cryptography concepts : hashing, signing, symmetric / asymmetric encryption and decryption
• Basic understanding microservice application architecture, software cohesion and software coupling
• Comfortable learning new programming languages as needed to conduct code reviews
• Comfortable with the following tools and technologies : Git, SoapUI, Jenkins, Artifactory, SonarQube, Find Bugs, Docker Experience with deploying and configuring API scanning tools
• Experience in Identity and access management concepts and technical specifications
• Experience creating continuous integration pipelines (Cloud bees, Jenkins, Buddy, Urban Code, etc.)
• Experience using integrated development environments (e.g. Visual Studio, Visual Studio Code, Eclipse)
• Experience with Azure Resource Manager (ARM) and scripting tools, including PowerShell, Azure CLI, JavaScript, Shell scripts, Python, or similar languages.
• Experience developing solutions that combine data from APIs, endpoints, and databases
• Outstanding communication, analytical skills and ability to function in a globally diverse work environment
• Experience working within an agile team (Scrum, Rally, etc.)
• Familiarity with OWASP and the Sans Top 25

Education and Experience :

• Bachelors degree in Computer Science or related field or equivalent experience / certification
• API security 1 year
• 2 years working as a Security Engineer
• 1-year experience developing automation solutions in Python, Java or PowerShell

Ability to analyze complex problems and implement solutions and / or workarounds

• Familiarity with NIST Special Publications (e.g. -,-53, CSF)
30+ days ago