Application Security Engineer

  • location: Austin, TX
  • type: Permanent

job description


  • Work with the engineering leadership to define our secure SDLC and the security standards that need to be met for each product.
  • Maintain documentation related to the Application Security program including the development of secure coding policies, procedures and standards, modification of the Software Development Life Cycle (SDLC) to include necessary security checkpoints, code review methodologies, etc.
  • Implement and manage training programs to train developers on secure code development practices.
  • Identify application security requirements early on and incorporate them into secure code development practices.
  • Plan, coordinate, and lead teams in the design, integration, development, validation and implementation of specific security policies, systems and services.
  • Evaluate new security trends and technologies.
  • Provide expertise and coaching on app security best practices, standards, architectural approaches and complex technical resolutions for processes.
  • Coordinate how appsec requirements underpin the security requirements established by the Dir of Engineering Operations.
  • Lead and build strong global software development engineering teams and a strong, positive software engineering culture.
  • Report on app security metrics to senior leadership.
  • Participate as a subject matter expert in the incident response program.
  • Attend design and application architectural reviews and actively lead discussions from a security standpoint.
  • All other duties and responsibilities as may be assigned.

  • 7+ years in the following security functional areas: application security, authentication and authorization, identity and access management, dynamic application security testing, static application security testing, data security, security monitoring or SSO/2FA security, vulnerability management.
  • 3+ years working with cloud deployed applications
  • 3+ years of Program Management experience.
  • Strong program development, program management and leadership skills including experience in developing, documenting and establishing application security programs and best practices.
  • Deep application development / software development experience, understanding of security protocols and APIs.
  • Understanding of application threat modeling and SDLC security practices.
  • Experience with agile software development methods using SCRUM preferred.
  • Expertise in mitigating and addressing technology or application threat vectors
  • Expertise in building a defense in depth infrastructure security architecture that includes security controls across multiple technology stacks
  • Experience with Web Application Firewalls, Runtime Application Self-Protection (RASP), Reverse Proxies, and security assessment tools/methodology (network, systems, and application)
  • Solid knowledge and understanding of securing all major web server environments and cloud platforms based on OWASP Top Ten recommendations
  • Demonstrated knowledge of regulatory and statutory compliance requirements across industries
  • Familiarity with dynamic web application vulnerability scanning tools and services.
  • Familiarity with static code analysis tools and services.
  • Familiarity with high level programming languages.
  • Self-starter with strong work ethic and ability to excel as part of a geographically diverse team.
  • Fluency in English required. Spanish a big plus.
  • Excellent verbal and written communication skills.
Preferred Skills and Experience:

  • Knowledge of enterprise security/threat intelligence/threat detection a big plus.
  • Experience in Network security is a plus.
  • Experience in SIEM technologies is a plus
