Senior Application Security Engineer
RoundGlass, United States

• Work closely with engineers to provide expert advice on secure SDLC (automated and manual code-review), and modern application security best practices,
• Protect the company and its customers by identifying threats to company system, services and data while proposing remediation and mitigations actions and to reduce security risk
• Provide guidance on hardening end-points, containers, APIs, applications, operating systems (e.g., Windows and Linux) and AWS cloud environments
• Educate developers on security best practices including OWASP Top 10 vulnerabilities
• Develop and monitor security standards for applications, endpoints, servers, containers, operating systems
• Drive the configuration of cloud security controls to reduce attack surface, enforce data/service segregation and enhance perimeter defense
• Review security alerts and determine appropriate courses of action based on the severity of the event
• Participate in cyber incident response activities, including containing and eradicating attackers, then identifying root cause and exploited gaps
• Educate users on secure best practices for protecting systems and data

• Bachelor's Degree in Computer Science, Cybersecurity, or Information Technology, and with at least 7 years of related application security experience
• Deeps experience in executing application vulnerability assessment and penetration (VAPT) testing, to include static and dynamic application security testing (SAST, DAST)
• Experience working as a security or software dev/engineer with knowledge of container, mobile, and API secure development practices
• Security testing and vulnerability identification tools including Kali Linux, Metasploit, Burp Suite, and vulnerability scanning tools
• Experience with multiple programming/scripting languages (Python, Perl, etc.) preferred,
• Knowledge of network and web related protocols (e.g., TCP/IP, UDP, IPSEC, HTTP, HTTPS, routing protocols).
• Experience working with cloud environments, such as AWS from both a developer and security perspective
• Experience with operating vulnerability scanning solutions and interpreting scan results to assist system owners in remediation
• Experience with developing security controls to support compliance programs, and monitoring/evaluating control effectiveness
• Experience in assessing the security posture of third parties and vendors
• Experience in monitoring security events to identify malicious activity, then executing response processes
• Deep understanding of network and communications protocols, to include recommendations for hardening to reduce exposed attack surfaces
• Experience using Mitre @ttack framework, Cloud Security Alliance and/or NIST cloud frameworks
• Deep experience in securely managing identity systems and controls to maintain least privilege and protect access to systems and data
• Ability to build scripts for analysis of large data sets to support security investigations and monitoring
• Deep understanding of modern attacker tactics, techniques and procedures.
• Ability to operate independently without frequent supervision or explicit direction
• Excellent written and verbal communication skills
• Industry related certifications are desirable

Job Rewards and Benefits