Application Security Engineer Role
● Understands and be comfortable explaining OWASP top 10
● Conducting initial triage assessments of findings from network security appliances
● Explain in detail common attack vectors such as buffer overflows, SQL injection, CSRF, XSS, to both software
developers and management
● Be a source of information security subject matter with an expertise in Web Application Security
● Security consultancy and advice to software development teams
● Providing teams with functional security requirements
● Security design reviews
● Security assessments, with and without source code access
● Provide ad-hoc penetration testing and retesting support
● Work closely with business Agile teams to promote secure code development by providing security
requirements throughout the development process
Application Security Engineer Responsibilities
● Promote security awareness by participating in Agile Release Trains and daily S2s
● Ensure new applications are accounted for and enrolled in the Application Security Process
● Influence customers to leverage security offerings, , escalate to management when concerns arise
● Be able to bridge the gap of technical risk and business impact and communicate appropriately to both
audiences
● Have experience in coding or QA and able to analyze code for security vulnerabilities.
● Develop software security guidance including training material, best practices, secure coding checklists,
reusable code
● Assist project teams with conceptualization and design of their architecture
● Based on their own strong development background with prominent web or mobile development languages
and frameworks
● Ability to perform manual assessments via tools such as HTTP Proxies (BurpSuite Pro, OWASP ZAP),
automation scripts, shell scripting w/ curl, fuzzers and other commercial and open source tools
● Experience implementing and integrating Selenium into security / regression testing a plus.