1 Point System - Draper, UT

posted 13 days ago

Full-time - Mid Level
Draper, UT
Administrative and Support Services

About the position

The Sr. Application Security Engineer will play a critical role in enhancing the security posture of applications at Acima. This position involves collaborating with various teams to identify and mitigate security risks throughout the Secure Development Lifecycle (SDLC). The engineer will be responsible for building automated tools for code scanning, developing secure coding practices, and providing training to developers. Additionally, the role includes conducting penetration testing and security reviews to ensure robust application security standards are maintained.

Responsibilities

  • Collaborate with engineers, consultants, and leadership to address security risks and provide mitigation recommendations within the Secure Development Lifecycle (SDLC)
  • Build automated code scanning tools to identify security vulnerabilities in application code and infrastructure code using both open source and commercial tools
  • Integrate open-source and/or commercial static application code scanning tools with the CI/CD Pipeline
  • Enable secure-by-default best practices by developing libraries and frameworks to prevent future vulnerabilities
  • Operate at enterprise scale by building and managing tools that help test, monitor, and improve application security
  • Develop security standards, preferred implementation patterns, secure common frameworks, and developer documentation and educational materials
  • Provide secure developer training to software engineers on how to write secure code and follow best practices
  • Conduct web app penetration testing, code scanning, and dependency scanning that can be incorporated into the SDLC process and CI/CD pipeline
  • Work closely with the development team to provide guidance and mitigate security vulnerabilities
  • Perform security architecture and design reviews of all systems and applications developed at Acima
  • Take a leadership role in the development, implementation, and maintenance of consistent application and infrastructure architecture security programs

Requirements

  • 3+ years of experience working in an application security role
  • Background in web application development and/or code auditing
  • Experience with static and dynamic code analyzers
  • Experience with software composition analysis tools
  • Web application penetration testing and source code vulnerability analysis skills
  • Extensive knowledge of internet security issues, cloud architectures, and threat landscape
  • General understanding of application and cloud security threats and vulnerabilities, including the OWASP Top 10 and SANS Top 25
  • Professional security certification: CISSP, GIAC, GWEB, GWAP or other similar credentials
  • Experience with Burp Suite, Zed Attack Proxy (ZAP), or a similar dynamic testing tool
  • Knowledge of current development practices, including containerized applications, microservice architectures, serverless architectures, native mobile applications, responsive web applications

Nice-to-haves

  • Knowledge of current development practices, including containerized applications, microservice architectures, serverless architectures, native mobile applications, responsive web applications