Application Security Engineer

Our client, a leading media and entertainment company is hiring an Application Security Engineer on a contract basis.

• 5+ years of relevant experience in Information Security Engineer roles
• Experience identifying and helping to resolve common application security flaws (e.g. OWASP, SANS)
• Subject matter expertise on secure design & coding practices
• Experience working with AWS or other cloud environments
• An understanding of network and related protocols (TCP/IP, HTTP, VPNs, etc) and ability to use inspection tools (Burp, Wireshark, etc)
• Understanding of Vulnerability Management, risk determination, and other general security testing principles with the ability to provide specific recommendations on how to fix vulnerabilities
• Experience analyzing complex systems to perform Threat Models
• Coding experience: ability to code against vendor APIs, manage code using git, work with ticket tracking systems, etc.

• Familiarity with industry regulations, such as PCI, GDPR, LGPD, and CCPA
• Contributions to Open Source Software
• Various security certifications from SANS, ISACA, ISC2, etc
• Coding experience in TypeScript and NodeJS
• Experience with IAST, RASP, DAST, SAST
• Security modeling structures: STRIDE, DREAD, CVSS, OCTAVE, MIL-STD-882E, etc
• Experience with Infrastructure-as-Code (CloudFormation, Terraform, Ansible, etc) and Security-as-Code

• Collaborate with other engineers in security code reviews to identify and fix issues in our applications and infrastructure
• Develop and code tooling to automate manual security processes
• Lead security-related projects from inception to successful completion
• Perform hands-on internal assessments on our platform and infrastructure
• Conduct regular security and risk assessments of clients applications, infrastructure, and security controls.
• Interface with other teams and take a leadership role in driving customer security and privacy initiatives.

• Apply Now