Application Security Engineer

About the position

The Application Security Engineer position is a mid-tier role in the RxSense Information Security team that will focus on assessing and managing risks in the application security domain. In this role you will act as an application security SME on project teams and be responsible for performing various security touchpoints throughout the RxSense Software Development Lifecycle. Must be aware of and comply with all aspects of the RxSense Information Security Program and the policies contained therein. Must always understand the importance of maintaining Information Security in all Business Operations.

Responsibilities

• Work with development and product teams to define security requirements and ensure they are followed
• Partner with development and product teams to drive remediation of security gaps
• Coordinate 3rd party penetration tests and work with internal teams to remediate findings
• Perform architecture and design reviews on company applications
• Monitor and analyze application security logs and events to detect and respond to security threats
• Perform monitoring and management of Web Application Firewall
• Interpret and manually validate Static Application Security Testing (SAST) results
• Manage SAST, SCA and DAST tools to ensure comprehensive testing and remediation of findings
• Analyze and report on risks discovered through application security testing
• Participate on project teams as InfoSec representative
• Ability to quickly adapt to changing priorities as business needs change
• Excellent interpersonal and communication skills a must

Requirements

• BS in Information Systems preferred but appropriate experience is acceptable
• 3+ years of experience in application security is required
• Must have the ability to identify, analyze and solve security risks pragmatically
• Familiarity with web application architecture, APIs, and cloud environments
• Experience with security standards and frameworks, such as OWASP, NIST, or CIS
• Practical understanding of common application security vulnerabilities
• Excellent problem-solving and analytical skills with demonstrated ability to investigate and solve complex problems
• Excellent communication skills are needed with demonstrated ability to work with multiple organizational functions and levels

Nice-to-haves

• Knowledge and experience with techniques, tools and practices pertaining to securing the SDLC (Software Development Lifecycle)
• Experience with software development, programming, scripting
• Experience with OWASP ZAP or Burp Proxy
• Experience with static application security testing tools
• Knowledge and experience with implementing and managing web application firewalls
• High level understanding of securing Cloud Platforms, AWS and GCP, cloud architecture
• Although the position is in application security domain, a broad interest/experience across the whole security domain would be an advantage
• Certifications a plus; GWAPT, GWEB, CISSP, etc.