AppSec Engineer

This is a fully remote position, open to applicants in Argentina.

📋 Description

• Oversee and manage application security and code vulnerability tools (e.g., SAST, DAST, dependency scanning, container security).

• Detect, analyze, and validate vulnerabilities found in source code, applications, containers, and the external attack surface.

• Assist in and supervise vulnerability discovery efforts, which include:

• o Automated scanning tools

• o Bug bounty findings

• o Manual testing results (when applicable)

• Facilitate and coordinate vulnerability remediation with development teams.

• Manage and enhance the Secure Software Development Lifecycle (SSDLC).

• Review and manage the secure handling of secrets and sensitive information using tools such as HashiCorp Vault.

• Conduct security assessments of external libraries, dependencies, and components within the supply chain.

• Support security testing tools, including OWASP ZAP, Acunetix, Burp Suite, SonarQube, Outpost24 EASM, and container scanning solutions.

• Integrate findings from various security tools and prioritize remediation efforts based on risk assessments.

• Ensure that vulnerabilities are accurately tracked, documented, and managed via Jira tickets.

• Confirm that remediation actions are effectively implemented before closing tickets.

• Contribute to the establishment of security standards, guidelines, and best practices for developers.

• Document new procedures or revise existing ones pertaining to application and development security.

• Ensure that documentation is precise, comprehensive, and delivered punctually.

• Collaborate with SOC, IAM, and SIEM engineers when vulnerabilities or incidents intersect various domains.

• Generate reports and metrics concerning vulnerabilities, remediation progress, and the effectiveness of the SSDLC.

• Engage in continuous training and professional enhancement to stay informed about emerging threats, vulnerabilities, and secure development methodologies.

• Share knowledge and expertise with development and security teams to promote a secure-by-design development culture.

• Comply with the organization's various policies.

• Maintain organized and traceable work through Jira tickets.

⛳️ Requirements

• A minimum of five years of university education or a four-year college diploma, preferably in computer science, telecommunications, or other related fields, or equivalent work experience is essential.

• At least two years of experience in application security, DevSecOps, or similar roles.

• Practical experience in identifying and managing code and application vulnerabilities.

• Experience with vulnerability scanning tools for:

• o Source code

• o Web applications

• o Containers and dependencies

• Knowledge of the Secure Software Development Lifecycle (SSDLC).

• Experience working collaboratively with development teams on vulnerability remediation.

• Familiarity with secrets management and secure configuration strategies.

• Strong analytical and problem-solving capabilities.

• Ability to work autonomously and as part of the Information Security Team with minimal supervision.

• A desire to learn and continuously enhance security practices.

• Proficient documentation and reporting abilities.

• Technical skills:

• o Strong foundations in networking, application architectures, and cybersecurity.

• o Capability to understand application flows, APIs, and common vulnerability patterns.

🏝️ Benefits

• 22 days of annual leave.

• 10 days of national holidays.

• Health insurance options.

• Access to e-learning platforms.

• Possibility of on-site English classes in certain countries, and more.