As an Application Security Engineer your key area of responsibility will be to ensure and enforce secure coding standards for current and future developers. This will encompass using various tools to test code for all systems and applications, provide risk assessments for vulnerabilities, as well as reporting on the overall quality of the current coding standard.
Conduct web application and code testing for all systems and applications, open source dependencies, and provide analysis and risk assessments for vulnerabilities discovered
Utilize code analysis and fuzzing tools to assess the quality and security of source code and make recommendations on tools to address any gaps in coverage
Contribute to secure coding standards (involves developing secure coding training for current and future developers)
Conduct code reviews for all code changes for a given application release, providing both a detailed risk analysis of the security posture of the code and technical programming solutions (secure coding standards) to the developers to mitigate insecure code from being implemented.
Provide a monthly report on the overall quality of source code from a security
perspective by project/team (includes trend analysis, defects remediated, etc.)
2+ years of experience performing web development (Network protocol analysis, debugging, virtualization platforms and techniques, scripting/programming)
2+ years of experience with security evaluation/analysis within a technical organization (security code reviews, providing risk assessments for vulnerabilities discovered, etc.)