Senior App Security Engineer
$120k - $150k
The Senior Application Security Consultant holds a crucial role within the Application and Cloud Infrastructure Security Services division, dedicated to service delivery, enhancement, and expansion.
The Application Security sector employs state-of-the-art processes, offering services such as application security architecture, risk assessment, Security DLC and CI/CD integration, and managed solutions tailored to medium-sized enterprises in finance, healthcare, e-commerce, and technology sectors.
In the collaborative and forward-thinking work environment, the organization values achievement over rigid schedules, providing a flexible work-life balance.
- Leads projects from inception to conclusion, collaborating closely with internal and external teams.
- Delivers application security services, including review and pentesting of web, mobile, or desktop applications using both automated and manual approaches.
- Develops and presents application security design blueprints and risk evaluation reports.
- Devises application security solutions tailored to client requirements.
- Evaluates identified issues and partners with clients on their implementation of remedies.
- Engages closely with client development teams, providing support for secure development practices.
- Advocates for cross-domain cooperation and alignment of security initiatives.
- Furnishes expertise in Application Security, offering peer assessments and mentorship.
- Contributes to Cloud Infrastructure security efforts and other domain engagements as necessary.
- Fosters the growth of the organization and its standing as an industry leader through the delivery of top-tier services.
- Supports in the technical sales of application security and related services.
- Identifies opportunities for process enhancement and automation, aiding in their implementation as appropriate.
- Regularly informs Forward Security leadership on significant activities, metrics, achievements, and challenges.
- Participates in educational pursuits, including attending relevant training sessions and conferences.
- Upholds a benchmark of excellence in line with Forward’s core values.
- Holds a Bachelor’s degree in Computer Science, Computer Engineering, or equivalent.
- Possesses 3+ years of experience in an Information Security role, with a minimum of 2 years in Application Security.
- Boasts 2+ years of contemporary software development experience (API proficiency is advantageous).
- Demonstrates a profound grasp of secure software design, development methodologies, and principles.
- Exhibits the capability to identify and safeguard against web and mobile application security vulnerabilities, including those identified in the OWASP Top 10 and CWE Top 25.
- Has familiarity with static and dynamic security analysis tools, alongside black-box and white-box methodologies.
- Is knowledgeable about tactics, techniques, and procedures employed in software security exploitation.
- Holds experience in application security architecture, design consultation, and risk assessment employing industry-leading processes and methodologies.
- Possesses the capacity to construct and implement test plans, and offer complementary documentation and metrics.
- Demonstrates familiarity with authentication and authorization protocols such as OpenID, OpenID Connect, OAuth, and SAML, as well as applied cryptography.
- Shows acquaintance with cloud platforms and automated security evaluation tools.
- Has made contributions to the security community, including research, presentations, public CVEs, bug-bounty recognitions, open-source projects, and blogs or publications.
- Is self-motivated, proactive, collaborative, and determined to surmount challenges.
- Exhibits exceptional communication skills, including the ability to present at an executive level.
- Is enthusiastic about software and security, with an Ethical Hacker mindset.
Posted by: Aliya Lazarus