Application Security Engineer

Job Responsibilities :

- The candidate is expected to execute and manage multiple complex and enterprise application security testing projects.

- The candidate is expected to complete projects on time, coordinate with client stakeholders for issues and challenges, track delays, etc.

- The candidate is expected to gain in-depth knowledge and has executed complex Application Security Code Review projects for different types of applications including mobile, web services, web apps and thick-client developed in various languages (i.e. Java, ASP.NET, ReactJS, etc.

- The candidate will be involved in application architecture understanding, threat identification, vulnerability identification and control analysis.

- The candidate is expected to identify and infer the business risk posed by vulnerabilities identified and showcase prioritization of risks including solution recommendations.

- The candidate is expected to engage with both business and technical teams within and outside the organization from a project scope definition, project execution, project closure and post project support perspectives.

- The candidate is expected to mentor and train junior resources with focus on enhancing their skill sets.

- The candidate is expected to monitor their team members adherence to established security testing processes and organizations policies and procedures.

- The candidate is expected to conduct project reviews to ensure a thorough testing is conducted by the team.

- The candidate is expected to perform technical reviews to identify errors and suggest changes to ensure highest quality of the deliverables.

- The candidate is expected to identify new test cases and develop techniques to test and showcase proof of concept.

- The candidate is expected to track errors made by the engineers and develop an improvement plan for them.

- The candidate should be open for onsite deployments anywhere across the world as business demands.

Required skill set :

- 3+ years of Application Security Testing Experience.

- Expertise in application security testing

- Secure Code Review, Web, Mobile, web services, thick-client.

- Experience with J2EE (servlet/JSP) and/or .NET (C#/VB.Net and ASP.NET) with different frameworks (Struts, Spring, MVC, .NET) and understanding of AJAX and web services .

- Any CyberSecurity related certification and Developer Certifications (examples include SCWCD, SCJP, SCJD, SCJA, MCSD, etc.

- Experience in application architecture review.

- Ability to handle difficult situations and to provide alternative solutions or workarounds.

- Experience in training and mentoring other team members .

- Good verbal and written communication skills with the ability to talk to both business teams and technical teams.

Preferred skill set :

- Experience with Source Code Review and application security testing.

- Knowledge of Cryptography (symmetric and asymmetric encryption, PKI, etc.

- Flexible and creative in helping to find acceptable solutions for customers .

- Ability to work on multiple complex assignments simultaneously .

- Ability to work independently with minimal oversight and in teams.

- Experience with leading and guiding a team of security engineers .

- Additional knowledge of risk assessment methodologies and frameworks and how to apply them to diverse applications.

- Knowledge of different standards such as PCI DSS, HIPAA, ISO, etc.