Application Security Engineer (Pen Testing)

About the position

The role is responsible for working with Clearwater Analytics development teams to ensure security is integrated into the software development lifecycle and that products are secure. The focus will be on validating secure coding practices, conducting penetration testing, and managing application security vulnerabilities.

Responsibilities

• Engage in reviews of applications security, including code review as well as dynamic and manual penetration testing of products.
• Ongoing facilitation of application vulnerability management.
• Advise and support development teams in the area of application security.
• Ability to suggest improvements to existing processes/tooling.
• Demonstrate professional application of information security, compliance, assurance and/or other security practices and principles.
• Stay up to date on evolving threats and security vulnerabilities.
• Ability to assess risk based on a given risk assessment framework.
• Actively seek out opportunities to improve key systems without needing daily direction.
• Help organize a group and coordinate projects or penetration test engagements.
• Assist in definition, documentation, and evolution of best practices for the application security program.
• Go above and beyond basic requirements to support their own team and others.
• Help identify key gaps in security and tooling functionality that will drive significant improvement in application security.
• Define, lead, and implement solutions to assignments, projects, or problems.

Requirements

• Prior experience working in Application Security.
• Proven hands-on experience with security tools such as Burp Suite, OWASP ZAP, and Kali Linux.
• Working knowledge of the OWASP Top 10 for web applications and APIs and how to apply the standard to minimize security risk.
• Understanding of security best practices and how to implement them at an enterprise level.
• Basic understanding of networking concepts and protocols.
• Knowledge of secure coding principles and experience with code review processes.
• Familiarity with dynamic application security testing (DAST) methodologies and tools.
• Strong analytical and problem-solving skills with a keen attention to detail.
• Basic coding skills - SQL, Python, other scripting languages.
• Strong written and oral communication skills with the ability to convey complex security concepts to non-technical stakeholders.
• Strong organizational and interpersonal skills.

Nice-to-haves

• Bachelor's degree in Cybersecurity, Information Systems, Computer Science, or related area of study.
• Three years of information security experience.
• Experience in at least one programming language.
• Proficiency with SQL, Python, and/or JAVA.
• Relevant certifications (e.g., Certified Ethical Hacker (CEH), Offensive Security Certified Professional (OSCP), etc.) are a plus.