Senior Application Security Engineer
Remote US
Job Title
Senior Application Security EngineerJob Description
Remote:
In-office Expectations: This position is fully remote with no in-office requirements, (might require coming into an office 1 or 2x a year)
About Your Role:
Dotdash Meredith is looking for a Senior Application Security Engineer with a demonstrated track record of innovative thinking, technical expertise, and mentorship. This role will be tasked with supporting product managers, software development teams, vulnerability management and remediation, and improving security coverage throughout the SDLC.
As a highly visible professional within the Security team, you will be responsible for helping to set technical direction, managing technical projects, and collaborating with other groups within the organization.
About Your Contributions:
Product Management
Be a key advisor and advocate to the overall strategy and roadmap of the Product Security Program.
Provide technical leadership and guidance to the development teams to assist in the creation and design of software development features
Track and provide reporting to leadership on current program/project status.
Solutions
Research, design and implement application security solutions to address application security threats, and meet compliance obligations
Manage and support the integration of application security tools into the SDLC process.
Work with development teams to improve the security of CI/CD processes by ensuring version control for source code, scanning code for vulnerabilities in the build pipeline, and ensuring public/private repositories are trusted and secure.
Design and develop coding standards across infrastructure, application, and data security, building out guidelines and standards to drive a standardized set of security requirements that align with internal policies and meet external compliance/regulatory requirements.
Vulnerability Assessment
Manage and support application security tool deployments including static analysis, dynamic testing and software composition analysis tools
Assess the application threat landscape through threat modeling and architecture reviews
Conduct security source code reviews
Prioritize, triage and assist developers on the remediation of application security vulnerabilities
Develop metrics and reporting on the posture of the application security program
About You:
Technical Skills
4+ years experience in Application Security
Full stack development experience preferably in Java, Javascript and/or Python
Application Development and Security
Knowledge of the current Application and Product Security threat landscape and industry best practices and how to implement them at a business-wide level
Knowledge of SANS/CWE Top 25, OWASP Top 10 Application Security principals.
Deep understanding of developing security policies, standards and procedures and experience with implementing them across the organization.
Experience with data encryption, cryptography and encryption …
This job isn't fresh anymore!
Search Fresh JobsJob Profile
- Develop security policies and procedures
Application Security Cloud Computing Cryptography Full-stack development HTTP Java Javascript OSI model OWASP Top 10 Penetration Testing Product Management Python Research Risk Management TCP/IP Threat modeling TLS
Certifications TimezonesAmerica/Anchorage America/Chicago America/Denver America/Los_Angeles America/New_York Pacific/Honolulu UTC-10 UTC-5 UTC-6 UTC-7 UTC-8 UTC-9