Application Security Engineer

$125,500 - $150,500/Yr

Dotdash Meredith - State College, PA

posted 29 days ago

Full-time - Mid Level
Remote - State College, PA
Publishing Industries

About the position

The Application Security Engineer at Dotdash Meredith will play a crucial role in enhancing the security posture of the organization's software development lifecycle (SDLC). This position involves collaborating with software development teams to integrate security solutions, manage vulnerabilities, and ensure compliance with security standards. The engineer will act as a subject matter expert, guiding technical direction and delivering projects that improve security across various applications and platforms. Remote work flexibility is offered, with an expectation to work from the office three times a month if residing near one of the main offices.

Responsibilities

  • Function as a subject matter expert for security solutions within the organization's platform.
  • Integrate security solutions into the SDLC process.
  • Work with development teams to improve the security of CI/CD processes by ensuring version control for source code, scanning code for vulnerabilities in the build pipeline, and ensuring public/private repositories are trusted and secure.
  • Design and develop coding standards across infrastructure, application, and data security, building out guidelines and standards to drive a standardized set of security requirements that align with internal policies and meet external compliance/regulatory requirements.
  • Help evolve application security functions and services.
  • Prioritize, triage and remediate vulnerabilities and findings from security scans and bug bounty programs.
  • Review security test results from vulnerability scans and penetration tests, propose appropriate remediation measures or mitigation controls, and carry out a remediation plan and supervise its progress.
  • Improve and support application security tool deployments including static analysis, dynamic testing and software composition analysis tools.
  • Conduct security code reviews for various languages and frameworks of web and mobile applications.
  • Identify security exposures and develop mitigation plans.
  • Investigate and report vulnerabilities in systems and platforms.
  • Assess the application threat landscape through threat modeling and architecture reviews.
  • Develop metrics and reporting on the posture of the application security program.

Requirements

  • 2+ years of experience in a security technical role or software development.
  • Development experience in Java, JavaScript and Python.
  • Scripting and automation experience using RESTful APIs.
  • Knowledge of SANS/CWE Top 25 and OWASP Top 10 application security principles.
  • Experience with application security tooling and processes, including code review, static code analysis, penetration testing, risk management, etc.
  • Strong knowledge and experience in implementing SDLC best practices.
  • Knowledge of Git and version control best practices.
  • Ability to innovate and find creative solutions that balance business needs with security needs.
  • Familiarity with application layer assessment tools, such as local proxies and fuzzers.
  • Familiarity with threat modeling and security design review methodologies.
  • Solid understanding of OSI model, TCP/IP, HTTP and TLS.
  • Knowledge of C.I.A. (confidentiality, integrity, availability) security principles and D.I.E. (distributed, immutable and ephemeral) security model.
  • Experience with data encryption, cryptography and encryption key management.
  • Experience with configuration management and DevOps practices to ensure security is built into the SDLC process.

Nice-to-haves

  • Passion for application security and continuous learning.
  • Able to concisely communicate security risks to both technical and business audiences.
  • Attention to detail.
  • Ability to work independently, and as part of a team.
  • Ability to multitask and prioritize work effectively.

Benefits

  • Medical, dental, vision, and prescription drug coverage.
  • Unlimited paid time off (PTO).
  • Adoption or surrogate assistance.
  • Donation matching.
  • Tuition reimbursement.
  • Basic life insurance and accidental death & dismemberment insurance.
  • Supplemental life and accident insurance.
  • Commuter benefits.
  • Short term and long term disability.
  • Health savings and flexible spending accounts.
  • Family care benefits.
  • Generous 401K savings plan with a company match program.
  • 10-12 paid holidays annually.
  • Generous paid parental leave (birthing and non-birthing parents).
  • Voluntary benefits such as pet insurance, accident, critical and hospital indemnity health insurance coverage, life and disability insurance.