Application Security Engineer – Threat Modeling, SAST, SCA
Employment Information
Report this job
Job expired or something wrong with this job?
Job Description
Application Security Engineer at Netsentries performing secure code assessments and Threat Modeling for enterprise web/mobile applications. Collaborating with development teams to identify and remedy vulnerabilities.
Responsibilities:
- Perform in-depth static secure code analysis with open source and commercial tools
- Perform Threat Modeling and in-depth manual secure code reviews
- Perform security engineering reviews
- Reverse Engineering App binaries and analyzing the decompiled/disassembled code
- Prepare advisory for developers of the application on secure coding practices for addressing vulnerabilities identified
- Collecting evidence to demonstrate the findings
- Collaborating with client-side application security and development teams
- Handle enterprise SAST projects involving a variety of programming languages including and not limited to web applications with Java, .NET, etc., Android and iOS mobile applications programming languages
- Execute code-aware security assessments in adherence with industry standards like OWASP ASVS, OWASP MASVS, OWASP Top10, OWASP Mobile Top 10, SANS 25, PCI-DSS, HIPAA, MITRE-CWE etc.
- Experience with enterprise SAST projects involving a variety of programming languages including and not limited to web applications with Java, .NET, etc., Android and iOS mobile applications programming languages
Requirements:
- A degree in computer science or related field and/or equivalent experience in software development.
- Exposure to industry standard development practices and programming languages would be a plus.
- Demonstrable understanding of enterprise architectures and best practices for high-volume, high-availability web / mobile apps.
- Excellent interpersonal communications skills.
- Experience with Android / iOS mobile platforms
- Experience in performing secure code reviews / reviewing results of static analysis tools
- Knowledge of Common Weakness Enumeration (CWE) and Common Vulnerabilities & Exposures (CVE) and their remediation recommendations
- Familiarity of vulnerabilities and attack methods, including Remote Code Execution (RCE), Cross-Site Scripting (XSS), SQL Injection (SQLi), etc. and how to identify, trace and remediate them.
- Understanding of OWASP Top 10
- Certifications like OSWE is preferred
- Experience working with commercial SAST/SCA solutions like Checkmarx, Veracode, Synopsis etc. is an advantage.
Similar Jobs
Senior Databricks Application Engineer
Senior Databricks Application Engineer designing Databricks Apps and developing data solutions remotely. Collaborating on analytics workflows and cloud integration for IT Services.
Senior Application Security Engineer
Senior Application Security Engineer at Amerisure designing and maintaining security controls for applications. Leading security monitoring and vulnerability management in a DevSecOps environment.
Full-stack AI Application Engineer
Full-stack Engineer at ThirdLaw building AI-native platform features. Working in a small team to deliver impactful solutions to ensure AI trust and safety.
Senior Application Security Engineer
Senior Application Security Engineer at RevenueCat ensuring security across web and mobile applications. Collaborating with engineering teams and external parties to create secure frameworks and support bug bounty programs.
Technology Field Application Engineer
Technology Field Application Engineer at Arrow Global Components facilitating solutions for customer designs through technical leadership and engineering investments. Partnering with sales teams and managing supplier expectations.
Application Security Engineer
Application Security Engineer responsible for embedding security in software delivery at SNHU. Collaborating with DevSecOps teams to ensure application security in various approved remote states.
Application Engineer – Europe South
Application Engineer providing technical expertise and support for Mecademic's robotic solutions. Focused on Europe South region while engaging with engineers and integrators.
Application Engineer – DACH Region
Technical expert for Mecademic's robotic solutions in the DACH region. Provide in-depth technical support and demonstration for successful deployment and optimization of robotic solutions.
Principal AI Application Engineer
Principal AI Application Engineer creating modular AI solutions for government services at Code for America. Collaborating with various teams for effective public service delivery.
Application Engineer
Drive technical support and training for Cimatron CAD and Mold products while collaborating with sales teams in Mexico. Oversee customer implementation projects and maintain high-quality customer satisfaction levels.
Application Support Engineer
Application Support Engineer responsible for resolving application and infrastructure issues in customer-hosted environments at Lumin Digital. Collaborating with internal teams to ensure smooth client operations.
Senior Cloud Application Support Engineer
Cloud Engineer providing advanced support and troubleshooting for cloud-based services in a managed service environment. Leading problem resolution efforts and improving service offerings using Azure expertise.
Dynamics 365 Application Support Engineer
Dynamics 365 Application Support Engineer managing application issues and ensuring customer satisfaction. Supporting Microsoft's Dynamics 365 systems while adhering to IT security principles and best practices.
Mechatronics Application Engineer
Mechatronics Application Engineer focused on customer automation in North America. Supporting technical sales and providing in-depth knowledge of mechatronic solutions.
Application Engineer – ASEAN Region
Application Engineer providing technical support for Mecademic's robotic solutions in the ASEAN market. Responsible for demonstrations, training, managing customer relationships, and addressing technical challenges.
Pre-Sales Application Engineer
Lab Productivity Pre‑Sales Application Scientist at Agilent enabling laboratory automation and analytical workflows. Collaborating with customers to enhance lab productivity solutions.
Field Application Engineer
Field Applications Engineer installing and troubleshooting vehicle control systems for ambulance builders and specialist converters, requiring extensive travel across the United States.
Application Engineer, AI Physics
Application Engineer building AI Physics capabilities for engineering and scientific discovery at Rescale. Collaborating with customers and engineering teams to ship product features.
Application Security Engineer
Application Security Engineer securing software programs for Department of Justice. Focusing on identifying vulnerabilities, designing security controls, and improving security processes.
Technology Field Application Engineer
Technical Project Manager at Arrow, facilitating customer and partner interactions to enhance demand creation for electronic components. Requires expertise in electronics and strong communication skills.