Application Security Engineer (AppSec)

Job Title: Application Security Engineer

Location: Remote - Must live in Texas

A renowned institution of higher education in the state of Texas, dedicated to academic excellence, research, and innovation. We provide a vibrant and inclusive environment that fosters learning, growth, and collaboration. As part of our commitment to maintaining a secure digital ecosystem, we are seeking a skilled and passionate Application Security Engineer to join our esteemed team.

As an Application Security Engineer, you will play a pivotal role in ensuring the confidentiality, integrity, and availability of our applications and systems. Your expertise will contribute to the protection of sensitive data, the prevention of cyber threats, and the overall security posture of the university. You will collaborate with cross-functional teams, including developers, system administrators, and IT professionals, to identify and mitigate potential security risks throughout the application lifecycle.

Responsibilities:

• Conduct thorough security assessments of web and mobile applications, identifying vulnerabilities and potential risks.
• Design and implement secure coding practices and standards, promoting secure development principles across the university.
• Develop and execute penetration testing methodologies to proactively identify vulnerabilities and suggest remediation strategies.
• Collaborate with development teams to integrate security controls and measures into the software development lifecycle.
• Monitor and analyze security logs, alerts, and events to identify and respond to security incidents promptly.
• Stay updated with the latest application security trends, emerging threats, and industry best practices.
• Perform code reviews, threat modeling, and security assessments to ensure compliance with relevant standards and regulations.
• Contribute to the development and enhancement of security policies, procedures, and guidelines.
• Provide guidance and support to stakeholders on secure coding practices and security-related matters.

Qualifications:

• Bachelor's degree in Computer Science, Information Security, or a related field (Master's degree preferred).
• Proven experience as an Application Security Engineer, Application Security Analyst, or a similar role.
• Strong understanding of web and mobile application security principles, OWASP Top 10, and common vulnerabilities.
• Proficient in conducting manual code reviews, threat modeling, and vulnerability assessments.
• Familiarity with secure coding practices in programming languages such as Java, Python, C/C++, and JavaScript.
• Experience with web application security tools (e.g., Burp Suite, OWASP ZAP, AppScan) and vulnerability scanning tools.
• Knowledge of secure software development methodologies (e.g., Agile, DevSecOps) and secure SDLC processes.
• Familiarity with common compliance frameworks and regulations (e.g., PCI DSS, GDPR, HIPAA).
• Excellent problem-solving skills and ability to think critically in high-pressure situations.
• Strong communication and interpersonal skills, with the ability to collaborate effectively with diverse teams.