
Associate Application Security Engineer I
Posted 1 day ago

This is a fully remote position, open to applicants in the United Kingdom.
• Execute application security evaluations and penetration tests to uncover vulnerabilities, weaknesses, and potential threats.
• Partner with development teams to embed security measures and best practices into the software development lifecycle, covering requirements gathering, design, coding, testing, and deployment.
• Carry out secure code assessments to identify and address security issues, including input validation, authentication, and authorization challenges.
• Create and uphold secure coding standards and guidelines, offering direction and assistance to developers to ensure adherence.
• Oversee and examine application logs, security events, and alerts to promptly identify and respond to security incidents.
• Stay informed about the latest security threats, vulnerabilities, and industry best practices to proactively recognize emerging risks and suggest appropriate mitigation strategies.
• Collaborate with cross-functional teams to perform security risk evaluations of applications, infrastructure, and third-party vendors.
• Engage in the design and implementation of secure application architectures, including threat modeling and the selection of security controls.
• Serve as a subject matter expert in application security, offering guidance, training, and mentorship to development teams and other stakeholders.
• Assist in the creation and improvement of security tools, processes, and frameworks to enhance security practices across the organization.
• Bachelor’s degree in Computer Science, Information Security, or a related discipline, or equivalent professional experience.
• 0-1 years of direct Security Engineering experience within a progressive technology environment, utilizing both on-premises and cloud services (MS Azure and AWS).
• Strong understanding of application security principles, including secure coding practices, authentication and authorization mechanisms, encryption, and vulnerability assessments.
• Practical experience with application security tools such as static code analysis (SAST), dynamic application security testing (DAST), and penetration testing frameworks.
• Comprehensive knowledge of common web application security vulnerabilities (OWASP Top 10), attack vectors, and remediation techniques.
• Familiarity with web application frameworks, programming languages, and technologies (e.g., Java, JavaScript, Python).
• Experience with cloud security principles and practices, particularly in cloud-native environments (e.g., AWS, Azure, GCP).
• Proficiency in scripting or programming languages for automation and tooling (e.g., Python, Bash, PowerShell).
• Exceptional analytical and problem-solving abilities, capable of assessing and conveying risks effectively.
• Professional certifications in application security (e.g., CSSLP, GWAPT, CISSP) are highly advantageous.
• Administration of security tools such as Anti DDoS WAF, SAST, and DAST.
• Knowledge of secure software development lifecycle (SSDLC) and DevSecOps methodologies.
• Equal employment opportunity for all employees.
• Work environment free of discrimination and harassment.