Application Security Engineer (Remote)

Job ID: 3549
Job Title: Application Security Engineer

Location: 100% REMOTE

Job Type: Perm Full-Time

Salary: Highly Competitive

Security Engineer Job Description:

Our client is looking for a remote Security Engineer who will play a key role as part of the Infosec team. The successful candidate will have a strong background in the following areas:

• Strong foundational and working knowledge of security best practices and their integration into workflows

• Designing and Implementing modern a security reference architecture

• Working with Dev/Engineering resource to build foundationally secure applications

Responsibilities include:

• Develop and maintain internal application security tooling.

• Automate security testing and vulnerability management procedures where reasonable.

• Assist Integration of security into the build/deployment process.

• Promote a proactive approach to addressing the changing threat landscape by recommending and implementing architectural improvements to security infrastructure.

• Provide expert guidance and recommendations for strategic and tactical security architecture topics through risk advisory services.

• Perform vulnerability research, assessment, and management, serve as a technical security/risk advisor on all new technologies used/developed such as AWS, session management, SSO, Database, WAF, Opensource libraries.

• Support the engineering team by suggesting remediation strategies for reported vulnerabilities.

• Assist developers in remediating vulnerabilities by providing line-by-line guidance.

• Provide training and education to developers on software security best practices in various cloud-based systems.

• Utilize dynamic application vulnerability scanning

• Utilize static application vulnerability scanning ls

Minimum Qualifications:

• Bachelors’ Degree in InfoSec, Computer Science, or a related discipline.

• Experience with full-stack web development.

• Working knowledge of SQL.

• Complete, deliver and maintain compliance documentation for internal and external users.

• Experience developing and working with Web APIs.

• Experience interpreting results from Static Code Scanning tools.

• Strong knowledge of Security Token Services, Federated Identity Providers, SAML 2.0, OKTA, and other SSO technologies.

• Experience with creating and maintaining Threat Models at scale.

• Experience with securing database platforms.

• Experience in remediating security vulnerabilities beyond OWASP Top 10.

• Experience in performing security assessments on cloud-based multi-tenant Software-as-a-Service (SaaS) applications

• Experience in assessing the security of native and hybrid mobile applications beyond the use of automated tools.

• Functional knowledge of AWS application infrastructure

Preferred Qualifications

• Experience developing in PHP/Larvel Framework

• Experience with RDS

• Experience in at least one scripting language (Python/Ruby/Perl/)

• Experience working with SaaS applications preferably in the EdTech or AI/ML Space

Benefits
• An amazing team of friendly and inclusive people who pull together and openly help each other
• Passionate team members who have fun, work productively and take pride in everything we do
• We’re curious to explore new ideas, find innovative solutions and we’re not afraid to learn as we grow
• We work remotely
• We recharge with unlimited PTO
• Our focus is on team member health and well-being – we have a Health Day once a month
• We offer a comprehensive healthcare program

SherlockTalent loves to share a $500 referral bonus!

"U.S. Citizens and those authorized to work in the U.S. are encouraged to apply. We are unable to sponsor at this time."