Application Security Engineer (Remote in the U.S.)

GuidePoint Security provides trusted cybersecurity expertise and solutions to help organizations minimize risk. The Application Security Engineer will run client security tools, collaborate with developers for secure design guidance, and manage application security tooling.

Responsibilities:

• Run client SAST, DAST, and SCA tools, review outputs and provide recommendations
• Implement integrations for tools into pipelines, ticketing systems, etc
• Collaborate with developers to provide secure design guidance and remediation strategies
• Familiarity with CI/CD systems (i.e. GitHub) and integrating software security tools into the development workflow
• Strong understanding of web application security principles and best practices
• Manage, maintain and operate application security tooling, including configuration, tuning, and automation

Requirements:

• Bachelor's degree in Computer Science, Information Systems or Information Security, and 4 years progressive baccalaureate experience as a security engineer, security analyst or related position working in Application Security
• Must have 2 years of experience with each of the following:
• Integrated Development Environment (IDE) and Continuous integration / Continuous Delivery (CI/CD) Pipeline tools and processes (e.g. Azure Dev Ops, Jenkins, Bamboo, etc.)
• Secure Development Lifecycles and experience remediating technical vulnerabilities identified by web application scanning tools
• Information Systems architecture, security control design, and development experience
• Manual testing tools such as Burp Suite Pro
• Knowledge of and experience with SAST/DAST/SCA Application Security tools (Invicti (DAST) or Checkmarx (SAST/SCA)
• Experience with the integration of tools into development pipelines
• Experience understanding and mitigating Application Security related vulnerabilities
• Experience with reviewing source code written in JavaScript, Python, Java, C++, PHP, or C#