
Senior Application Security Engineer
Posted May 9

This is a fully remote position, open to applicants in Pennsylvania.
• Take on a pivotal role within our Information Security team as a Senior Application Security Engineer.
• Utilize your expertise in application security, security engineering, and software development.
• Enhance and support our inline code testing and reporting mechanisms.
• Oversee the implementation and administration of application security tools.
• Integrate security measures into CI/CD pipelines.
• Assist development teams in utilizing these tools and interpreting their findings.
• Implement and maintain Application Security Testing (AST) tools (SAST, DAST, IAST, SCA, etc.) to discover code and dependency vulnerabilities throughout the software development lifecycle.
• Implement and manage Application Security Posture Management (ASPM) tools to consolidate and eliminate duplicate findings from various solutions, facilitating their integration into software development processes.
• Serve as the primary support for users, aiding in the resolution of false positives, offering guidance on remediation, and assessing security exception requests.
• Integrate security tools with Continuous Integration/Continuous Deployment (CI/CD) pipelines.
• Create comprehensive reports on security findings and remediation actions.
• Communicate security risks and promote secure development practices to development teams and their leadership.
• Analyze vulnerabilities and triage security risks at scale across diverse application development environments and business units.
• Bachelor’s degree with 7 years of experience OR Master’s degree with 6 years of experience OR PhD with 2 years of experience.
• Over 5 years of experience in application security and software development.
• More than 3 years of experience in implementing, administering, and supporting application security tools such as SAST, DAST, IAST, and SCA.
• In-depth knowledge of secure coding practices across various programming languages, especially Java and Node.js.
• Extensive experience in integrating security testing into CI/CD pipelines.
• Strong understanding of application security principles, common vulnerabilities (e.g., OWASP Top 10, CWE, etc.), and their corresponding mitigations.
• Proven experience in implementing and scaling DevSecOps practices and tools in large organizations.
• Experience in deploying DevSecOps workflows in cloud environments like AWS and Azure.
• Familiarity with developing Infrastructure as Code (IaC) using tools such as Terraform and/or CloudFormation.
• Experience in supporting developers in assessing and mitigating application security test results.
• Ability to effectively convey technical findings to both technical and non-technical audiences.
• Demonstrated capability to operate as a principal engineer, generating innovative technical ideas and strategies.
• Proven ability to think creatively to address complex technical challenges and advocate for new technologies to achieve program objectives.
• Excellent written and verbal communication skills in English, evidenced by presentations at prominent scientific or technical conferences.
• Experience mentoring and supporting the growth of junior engineers.
• Paid time off (vacation, holidays, sick leave).
• Medical, dental, and vision insurance.
• 401(k) available to eligible employees.
• Opportunity to participate in long-term incentive programs.