Brooksource is seeking an Application Security Engineer to perform application security assessments and support vulnerability management operations. The role calls for a self-directed professional who can provide security expertise to internal stakeholders and manage their own assessment workload.
Responsibilities:
- Perform dynamic and manual application security assessments for new applications, applications undergoing major updates, and applications migrating to cloud environments
- Review vendor-provided security assessments for completeness, validity, and accuracy
- Provide expert guidance to stakeholders on security findings, risk severity, and remediation approaches
- Manage assessment queues and customer timelines, communicating proactively when timelines are at risk
- Support mobile application security reviews and business process automation security reviews
- Assist with Nessus-based vulnerability scanning operations across multi-environment infrastructure including physical data centers, AWS, Azure, and GCP
- Support ad-hoc scan requests and new system build scans
- Assist with vulnerability finding interpretation, false positive validation, and stakeholder communication
- Contribute to vulnerability research and monitoring for zero-day or actively exploited vulnerabilities
- Develop working familiarity with Web Application Firewall (WAF) operations across AWS, Azure, and Cloudflare environments
- Use Splunk for log analysis and investigation, including hunting WAF blocks and identifying anomalous activity
- Support cloud security posture awareness and stakeholder consultation as needed
- Use the Archer GRC platform to document findings, manage workflows, and support compliance reporting
- Coordinate directly with stakeholders to communicate assessment status, findings, and remediation guidance
- Contribute security expertise to RFI, RFP, and research projects as needed
Requirements:
- 5+ years of direct, hands-on experience performing dynamic application security assessments
- Demonstrated experience with vulnerability management concepts and operations
- Experience programming or scripting in one or more languages relevant to application security (e.g., Python, JavaScript, Java)
- One or more active security certifications
- Proficiency with Burp Suite or OWASP ZAP for dynamic application testing
- Experience performing manual application security testing beyond automated scanning
- Solid understanding of the OWASP Top 10 and common application vulnerability classes
- Experience working in cloud environments (AWS, Azure, and/or GCP)
- Experience with Nessus or comparable vulnerability scanning platforms
- Familiarity with Web Application Firewall concepts and operations
- Experience with Splunk or comparable SIEM platforms for log analysis
- Experience with Archer GRC or comparable GRC platforms
- Familiarity with mobile application security assessment methodologies
- Ability to read and evaluate application code for security weaknesses
- Familiarity with vulnerability and exploit research and risk classification