Senior App Security Engineer
Toronto, ON
Full Time
$120k - $150k
The Senior Application Security Consultant holds a crucial role within the Application and Cloud Infrastructure Security Services division, dedicated to service delivery, enhancement, and expansion.
The Application Security sector employs state-of-the-art processes, offering services such as application security architecture, risk assessment, Security DLC and CI/CD integration, and managed solutions tailored to medium-sized enterprises in finance, healthcare, e-commerce, and technology sectors.
In its collaborative and forward-thinking work environment, the organization values achievement over rigid schedules, providing a flexible work-life balance.
Responsibilities:
- Leads projects from inception to conclusion, collaborating closely with internal and external teams.
- Delivers application security services, including review and pentesting of web, mobile, or desktop applications using both automated and manual approaches.
- Develops and presents application security design blueprints and risk evaluation reports.
- Devises application security solutions tailored to client requirements.
- Evaluates identified issues and partners with clients on their implementation of remedies.
- Engages closely with client development teams, providing support for secure development practices.
- Advocates for cross-domain cooperation and alignment of security initiatives.
- Furnishes expertise in Application Security, offering peer assessments and mentorship.
- Contributes to Cloud Infrastructure security efforts and other domain engagements as necessary.
- Fosters the growth of the organization and its standing as an industry leader through the delivery of top-tier services.
- Supports the technical sales of application security and related services.
- Identifies opportunities for process enhancement and automation, aiding in their implementation as appropriate.
- Regularly informs Forward Security leadership of significant activities, metrics, achievements, and challenges.
- Participates in educational pursuits, including attending relevant training sessions and conferences.
- Upholds a benchmark of excellence in line with Forward’s core values.
Qualifications:
- Holds a Bachelor’s degree in Computer Science, Computer Engineering, or equivalent.
- Possesses 3+ years of experience in an Information Security role, with a minimum of 2 years in Application Security.
- Boasts 2+ years of contemporary software development experience (API proficiency is advantageous).
- Demonstrates a profound grasp of secure software design, development methodologies, and principles.
- Displays proficiency in programming languages like Java, JavaScript, C#, Python, or C/C++, as well as associated application development frameworks.
- Exhibits the capability to identify and safeguard against web and mobile application security vulnerabilities, including those identified in the OWASP Top 10 and CWE Top 25.
- Has familiarity with static and dynamic security analysis tools, alongside black-box and white-box methodologies.
- Is knowledgeable about tactics, techniques, and procedures employed in software security exploitation.
- Holds experience in application security architecture, design consultation, and risk assessment employing industry-leading processes and methodologies.
- Possesses the capacity to construct and implement test plans, and offer complementary documentation and metrics.
- Demonstrates familiarity with authentication and authorization protocols such as OpenID, OpenID Connect, OAuth, and SAML, as well as applied cryptography.
- Shows acquaintance with cloud platforms and automated security evaluation tools.
- Has made contributions to the security community, including research, presentations, public CVEs, bug-bounty recognitions, open-source projects, and blogs or publications.
- Is self-motivated, proactive, collaborative, and determined to surmount challenges.
- Exhibits exceptional communication skills, including the ability to present at an executive level.
- Is enthusiastic about software and security, with an Ethical Hacker mindset.
Posted by: Aliya Lazarus