Application Security Engineer

Spiralogics International (Posted: 1 month ago)

Deadline: 6 Days Left

Based on experience


Mid Level



Job Type

Full Time


Bachelors in Computer Science


More than 5 years


Essential Job Duties

  • Perform vulnerability and penetration testing.

  • Document security findings with reasonable methods to secure.

  • Focus on automation to aid inefficiencies with both testing and remediation of findings.

  • Work in tandem with developers to provide repetitive validation testing prior to production while allowing for a continuous cycle of development followed by application security assessments.

  • Regularly monitor the security community for public-facing security issues, as well as to learn new tactics that can be used in testing.

  • Attend and participate in application projects and change management committees. This includes interacting with business units and technical teams to understand what is coming and how their projects can be more secure from the beginning.

  • Fully define and follow a security review process to ensure an automated and
    repeatable process is managed. This can be through the use of dynamic and
    static code analysis resources.

  • Use security standards and implementation configurations, as well as common
    security frameworks.

  • Document delivery and implementation advances that meet defined
    service-level agreements (SLAs) and business metrics.

  • Align with architects and development teams for a mission of secure design.

  • Train developers and junior application security engineers on weaknesses to

  • Actively participate and lead security team meetings that facilitate secure

  • Highly engage in information security projects that evaluate existing security infrastructure and propose changes as defined by security leadership and architects. Additionally, deliver projects on time, within budget and in accordance with SLAs.

  • Focus on application security that observes compliance – Health Information
    Portability and Accountability Act (HIPAA), Gramm-Leach-Bliley Act (GLBA),
    Payment Card Industry (PCI), Sarbanes-Oxley Act (SOX), etc. – and privacy

  • Work in tandem with architects, the security operations center (SOC), incident responders (when anomalous activity and host compromise occurs), and technology infrastructure and development team members.

  • Respond to and handle service and escalation tickets within SLA.

  • Develop security test plans from architectural design. Identify deficiencies
    and make enhancements to ensure production is not impacted.

  • Drive security efficiencies, enabling security team members to work on more
    advanced tasks.

  • Conduct performance testing to stress the limitations of security solutions
    while ensuring business innovation and day-to-day processes are not negatively

  • Perform other duties as assigned.

Skills and Experience

  • At least 5+ years’ experience in cybersecurity, including compliance and
    risk management with a system and network security engineering background.

  • Highly technical and analytical experience, with a proven deep background
    (preferred 5+ years’ in addition to cybersecurity) in application programming.

  • Experience in threat modeling applications.

  • Vulnerability and penetration-testing skills.

  • Excellence in communicating business risk from cybersecurity issues.

  • Proficiency in software development (Java, Python, C++, Ruby, etc.).

  • Solid understanding of network and web protocols.

  • Experience with security of intra-company and third-party APIs.

  • Experience with dynamic and static analysis tools.

  • Track record of acting with integrity, taking pride in work, seeking to
    excel, being curious and adaptable, and communicating effectively.

Additional Qualifications

  • Experience with applications hosted in Amazon Web Services (AWS) or
    Microsoft Azure.

  • Experience with cryptography controls and measures to secure applications
    and data.

  • Proficiency with scripting in Python, JavaScript, PowerShell, PHP or

  • DevOps background in public and private clouds.

  • Experience with one or more of the following: ISO 27001, NIST, PCI Data Security Standard (PCI DSS), HIPAA, Health Information Technology for Economic and Clinical Health (HITECH) Act, SOX, the General Data Protection Regulation (GDPR), Center for Internet Security (CIS) standards or Service Organization
    Controls (SOC) 2.

  • Working knowledge of Windows, Linux and Unix.

  • Familiarity with state privacy laws.

  • Highly trustworthy; leads by example.

