Application Security Engineer
Chicago, IL 60654
Our client, a successful Enterprise SaaS organization, is seeking an Application Security Engineer to join our growing Security Operations team.
As an Application Security Engineer, you will be a member of the Security Team, helping drive the continuous evolution of Origami Risk's Secure Development Lifecycle while addressing ever-evolving cyber security threats to the Origami Risk SaaS Platform. This individual will be responsible for identifying new platform vulnerabilities, managing vulnerability detection processes, and developing automations to assist in vulnerability management and DevSecOps strategies. This individual will also work closely with our development teams to help define application security best practices, perform software architecture and design reviews, conduct black box and white box security testing, and support the identification, interpretation, and remediation of vulnerabilities across the Origami Risk SaaS platform.
Tasks and Responsibilities:
- Perform manual and automated scanning and security analysis of the Origami Risk SaaS platform; identify threats, vulnerabilities, and risks to the business
- Use Security/Threat Intelligence feeds to improve indicators of compromise
- Work with DevOps teams during the application development process to adopt secure design and coding practices
- Respond to security incidents, including the collection, preservation, and analysis of forensic evidence
- Proactively identify, triage and address security flaws, threats, and vulnerabilities
- Participate in Security Operations and Support for a virtualized public cloud environment
- Participate in risk and security assessments based on Governance, Risk and Compliance requirements
- Bachelor’s degree in Computer Science or a related technical field, or equivalent practical experience.
- 5+ years of application security experience
- Experience with attacks and mitigation methods, web application and browser security, security assessments and penetration testing
- Knowledge of secure coding principles and best practices for web applications
- Experience with commercial and open source web application testing tools for SAST, DAST, IAST, and RASP, and analysis tools such as Burp Suite, Paros, or similar
- Experience with multiple programming languages (such as .NET, Python, Ruby, etc.)
- Experience performing automated and manual vulnerability assessments of web applications based on methodologies such as OWASP and WASC
- Knowledge of authentication and access control, security monitoring and intrusion detection, data encryption, and cryptography techniques
- Experience securing public cloud environments such as Amazon AWS, GCP or Microsoft Azure
- Ability to scale security within the SDLC through automation
- Relevant security certifications (i.e., GWEB, GCWN, CSSLP, OSWE, CASE)
- Experience with software development lifecycle (SDLC) methodologies such as Agile, DevSecOps
- Role can be located in the Chicago, IL, Denver, CO, or Atlanta, GA Origami Risk offices.