Application Security Engineer - AppDirect
Application Security Engineer
AppDirect is the leading cloud service marketplace company dedicated to revolutionizing
the way businesses run. We offer a cloud service marketplace and management platform
that enables companies to distribute web-based services. The global network of
AppDirect-powered marketplaces allows businesses to find, buy, and manage the best
applications the cloud has to offer.
With our award-winning platform, service providers can launch a state-of- the-art online
application store within a matter of weeks, while developers can integrate once and make
their software available across multiple marketplaces worldwide. Our products offer more
advanced features and tools than any other competitive solution, putting AppDirect at the
forefront of the rapidly evolving market for cloud services delivery. AppDirect powers the
cloud marketplaces of trusted companies around the globe— Comcast, Staples, Deutsche
Telekom, Vodafone, Telstra, Rackspace, Cloud Foundry, and more—and has helped to
connect millions of companies with today’s leading web-based applications.
Who we're looking for:
We are seeking an Application Security Engineer who interfaces with application
development teams to ensure security, privacy, and compliance requirements are
addressed throughout the development lifecycle. This individual leads the effort in the
implementation of new security solutions. He or she drives the creation and maintenance
of policies, standards, baselines, guidelines and procedures. He or she is accountable for
conducting application vulnerability assessments, application penetration testing, and
security assessments. Above all other factors, we are looking for smart, driven candidates
who want to be part of a culture of innovation and creativity as we develop and define the
peer-to- peer lending market.
What role:
Responsible for web application security for various applications.
Identifies, highlights, and provides security recommendations during requirement and design reviews.
Conducts in-house penetration testing and code-reviews of AppDirect applications and platform.
Provides consultancy for Product development, Engineering & Operations team on technical security issues and remediation.
Takes ownership of Application Vulnerability Management Process.
Ensures that vulnerability scans are run at scheduled time.
Ensures static/dynamic code analysis are done at scheduled time.
Ensures scan results are analyzed in a timely manner.
Categorizes the vulnerabilities as per defined process.
Ensures fixes are applied as per the vulnerability policy.
Tracks open issues and follow up with different teams to address the
open issues.
What we look for:
Degree in Computer Science/Information Systems or related field
4+ years of experience as a developer or in application security
Experience in SAST/DAST tools required.
Strong programming background
Languages experience: Java/Scala, Golang, T-SQL, JavaScript, HTML strongly preferred
Experience with modern Web Application Framework (Java/Rails) required, Hibernate, MVC based Framework, AOP Framework, Web Services (SOAP/WSDL or ReST/WADL) required
Knowledge of authentication mechanisms like SAML, OAuth, etc.
Knowledge of Security Flaws and its Resolution as listed in sites like OWASP, SANS, etc.
Experience in secure application programming, code reviewing, and penetration testing web based application
Experience in security testing mobile application is a plus
Ability to work effectively with technical and non-technical personnel in a
cross-functional setting
Experience leading implementation efforts of security initiatives and resolutions of any findings from internal or external assessments
Experience identifying security risks and developing solutions to eliminate or minimize risks
Knowledge of software design, software, network architecture, protocols, and standards
Excellent verbal and written communication skills.
Last updated: 701 days ago
© 2021 - 2022