ALBUM

30

companies

271

Jobs

My job alerts

Application Security Engineer ›

Filevine

Salt Lake City, UT, USA

Posted on Dec 22, 2024

Review code for security vulnerabilities and assist in remediation.
Maintain accurate library dependency trees and correlate with CVE information.
Support penetration testing efforts in the company, including coordinating customer-initiated penetration tests and remediation efforts.
Provide primary support for private bug bounty or public bug bounty efforts and facilitate remediation with appropriate development teams.
Investigate claims of application security incidents.
Provide vulnerability remediation efforts and lead the vulnerability management program for the security team.
Identify end of support (EoS) and vulnerable libraries and code components which need to be prioritized for remediation and lead efforts of documenting and scoping necessary work.
Develop company-wide best practices for product and platform security.
Research security enhancements and make recommendations to management.
Stay up-to-date on application security trends and development standards.

4+ years combined in information technology/security with emphasis on application security.
A BS/MS degree in a technical field such as information security or computer science can be considered as supplementary experience.
Experience with scripting and development languages (e.g., JavaScript, Python, C++)
Automation skills are required.
Strong history in advising and executing red-teaming exercises and alerting the SOC for appropriate incident response.
High degree of familiarity with web application security best practices and implementing secure enterprise web applications.
Significant experience with SIEM and logging technologies.
Knowledgeable with Threat Hunting practices.
Experience with SDLC processes and creating code scanning automations and run books / play books.
Experience with SAST scanning tools for code scanning and remediation processes.
Experience with DAST scanning tools for application testing
Experience with hardening web services, load balancers and web application endpoints.
Experience with Configuring WAF solutions and ensuring rules are aligned with the OWASP Top 10 recommendations.
Experience with AWS, GCP and Azure cloud infrastructure security.
Working knowledge of security requirements for SOC 2 Type I & II, HIPAA, GDPR, CCPA and CJIS.
Strong project management experience.
A strong curiosity, initiative, persistence, and willingness to experiment to provide solutions to diverse technical challenges.
Strong team player and work ethic are essential.

Significant experience with software engineering, incident response and security operations best practice.
Significant experience with orchestration and observability tools.
CCIE certification or equivalent experience.
CISSP certification or equivalent experience.
OSCP/GPEN/GXPN certification or equivalent experience.
GSEC certification or equivalent experience.
CISM certification or equivalent experience.