Application Security Engineer Job Description

An application security engineer provides technical advice to internal organizations in the area of information security, specializing in application-level security and secure coding techniques.

Application Security Engineer Duties & Responsibilities

To write an effective application security engineer job description, begin by listing detailed duties, responsibilities and expectations. We have included application security engineer job description templates that you can modify and use.

Sample responsibilities for this position include:

Understand and be comfortable explaining the OWASP Top 10
Conducting initial triage assessments of findings from network security appliances
Explain in detail common attack vectors such as buffer overflows, SQL injection, CSRF, XSS, to both software developers and management
Be a source of information security subject matter with an expertise in Web Application Security
Security consultancy and advice to software development teams
Providing teams with functional security requirements
Security design reviews
Security assessments, with and without source code access
Provide ad-hoc penetration testing and retesting support
Work closely with business Agile teams to promote secure code development by providing security requirements throughout the development process

Application Security Engineer Qualifications

Qualifications for a job description may include education, certification, and experience.

Licensing or Certifications for Application Security Engineer

List any licenses or certifications required by the position: CISSP, OSCP, SANS, GWAPT, AF, CEH, OSWE, GIAC, CSSLP, MCSD

Education for Application Security Engineer

Typically a job would require a certain level of education.

Employers hiring for the application security engineer job most commonly prefer that their future employee have a relevant degree, such as Bachelor's and Master's degrees in Computer Science, Engineering, Information Security, Computer Engineering, Information Systems, Technical, Education, Cyber Security, Information Technology, Management.

Skills for Application Security Engineer

Desired skills for application security engineer include:

OWASP Top 10
Python
Network security
Browser security model
Application security vulnerabilities
Applied cryptography
OWASP tools and methodologies
Secure coding techniques
Java
Cryptography

Desired experience for application security engineer includes:

Strong technical acumen, communication and influence skills
Security expertise, especially in secure coding best practices
Analytic sharpness in thinking like an attacker
Recognized good judgment
Able to build rapport quickly and remotely with new people
US resident

Application Security Engineer Examples

1

Application Security Engineer Job Description

Job Description Example
Our innovative and growing company is looking to fill the role of application security engineer. If you are looking for an exciting place to work, please take a look at the list of qualifications below.
Responsibilities for application security engineer
  • Promote security awareness by participating in Agile Release Trains and daily S2s
  • Ensure new applications are accounted for and enrolled in the Application Security Process
  • Influence customers to leverage security offerings, escalate to management when concerns arise
  • Be able to bridge the gap of technical risk and business impact and communicate appropriately to both audiences
  • Have experience in coding or QA and able to analyze code for security vulnerabilities
  • Develop software security guidance including training material, best practices, secure coding checklists, reusable code
  • Assist project teams with conceptualization and design of their architecture
  • Based on their own strong development background with prominent web or mobile development languages and frameworks
  • Ability to perform manual assessments via tools such as HTTP Proxies (BurpSuite Pro, OWASP ZAP), automation scripts, shell scripting w/ curl, fuzzers and other commercial and open source tools
  • Experience implementing and integrating Selenium into security / regression testing a plus
Qualifications for application security engineer
  • Interest in security quality processes (as a practitioner)
  • Strong foundation in security technologies such as Web Security, Cloud services, Identity/Access Management, Web Application Firewalls, Intrusion detection
  • Expert in building repeatable and automated security test suites
  • Expert in integrating vulnerability scanners into software delivery pipelines
  • Good understanding of architectural patterns like REST
  • Experience with tools like Stash, Git and Jenkins
2

Application Security Engineer Job Description

Job Description Example
Our company is growing rapidly and is hiring for an application security engineer. We appreciate you taking the time to review the list of qualifications and to apply for the position. If you don’t fill all of the qualifications, you may still be considered depending on your level of experience.
Responsibilities for application security engineer
  • Advocate for OWASP Application Security Verification Standard (ASVS) as an internal standard, explain how it applies to application development teams, and why it matters
  • Application security reviews
  • Provide security guidance documentation and security tool development
  • Regularly audit vulnerabilities at the application layer
  • Identifying security problems and providing solutions
  • Supporting standards-compliance in secure system development, support, assessment, remediation, and configuration/change management
  • Producing architecture diagrams and documentation in support of incidents
  • Have a deep understanding and hands-on experience of secure software development practices including threat modeling, secure design principles, secure coding, code analysis, security testing
  • Have specific application security vision across multiple verticals such as cloud/service provider, security provider, mobile, appliance
  • Implement security automation as part of assessment and CI/CD
Qualifications for application security engineer
  • Experience performing blackbox/greybox/whitebox security assessments of applications (application pentests) which use HTTP and/or proprietary protocols
  • Working knowledge of web application security and testing
  • Awareness of the principles of a Secure Development Lifecycle
  • Independent Security Research
  • J2EE, Web Frameworks or API Security
  • Understanding of iOS and Android Security
3

Application Security Engineer Job Description

Job Description Example
Our company is growing rapidly and is searching for experienced candidates for the position of application security engineer. If you are looking for an exciting place to work, please take a look at the list of qualifications below.
Responsibilities for application security engineer
  • Contribute to the security architecture, assist in building process for secure code development and deployment involving truly cutting edge technology and massive clusters of servers
  • Develop and oversee secure code analysis program in conjunction with the development teams
  • Review of full suite of internal, commercial, and open source applications for vulnerability management
  • Research and analyze application behaviors and improve security and stability
  • Work to ensure that security solutions achieve a balance of performance, security, and compatibility
  • Provide tier 3 engineering support to troubleshoot complex problems
  • New security sensitive functionality
  • New application infrastructure, entirely new SOA services requiring feedback from a security engineer
  • Review implementation code of critical projects
  • Collaborate with colleagues across a variety of teams to architect & ship projects securely
Qualifications for application security engineer
  • Authentication Technologies for Single Sign On
  • BA/BS degree or military experience
  • At least 3 years of experience managing and/or consulting in Information Security
  • At least 3 years of experience performing manual penetration tests
  • At least 2 years of experience with performing risk assessments, secure network architecture, and vulnerability management
  • At least 2 years of experience coding web applications
4

Application Security Engineer Job Description

Job Description Example
Our growing company is searching for experienced candidates for the position of application security engineer. Thank you in advance for taking a look at the list of responsibilities and qualifications. We look forward to reviewing your resume.
Responsibilities for application security engineer
  • To advise on the security architecture of new technology projects
  • Evaluate and provide recommendations on third party applications and services and the security implications associated with their use
  • Instrument and perform anomaly analysis of systems and applications
  • Ability to discover new and interesting security problems as well as fix them
  • Build, deploy, and maintain instrumentation and security controls in and around our code
  • Work closely with our application development and infrastructure architectural teams to create code secure by design and default
  • Create programmatic code review and penetration test applications to decrease potential introduction of vulnerabilities within our code
  • Contribute to vulnerability detection and remediation of our technological offerings
  • Deploy developed or OTS security applications to support our efforts
  • Participate in a cross-functional response to cyber security incidents
Qualifications for application security engineer
  • At least 2 years of experience remediating web application vulnerabilities
  • At least 4 years of Information Security experience supporting the Financial Services sector
  • At least 5 years of experience manually pen testing web applications
  • At least one year of experience in performing Application Security for Agile environments
  • Certification in the field of Information Security (CISSP, CISM, CEH, GIAC CPEN, OSCP, OSWE, CWAPT, GWAPT, GWEB)
  • At least 1 year of experience in development
5

Application Security Engineer Job Description

Job Description Example
Our growing company is looking to fill the role of application security engineer. Please review the list of responsibilities and qualifications. While this is our ideal list, we will consider candidates that do not necessarily have all of the qualifications, but have sufficient experience and talent.
Responsibilities for application security engineer
  • Support the scoping and rules of engagement of our penetration testing regime
  • Help develop and deliver training around secure development lifecycle and secure coding practice
  • Maintain and support application security tools, including static and dynamic security analysis solutions, and develop related documentation
  • Participate in the development of process documentation
  • Exercises judgment within defined procedures/practices to determine appropriate action
  • Serving as a core member of an engineering team that designs and develops software applications/packages/components focused on application security
  • Working with product team to prioritize features for ongoing sprints and managing a list of technical requirements based on industry trends, new technologies, known defects, and issues
  • Agile Product Owner for Security
  • Manages and audits the code review process within the SDLC
  • Maintain an annual schedule and execute penetration tests against the corporate portfolio of applications
Qualifications for application security engineer
  • 5 years of experience manually pen testing web applications
  • One year of experience in performing Application Security for Agile environments
  • A certification in the field of Information Security such as CISSP, or CISM, or CEH, or GIAC CPEN, or OSCP, or OSWE, or CWAPT, or GWAPT, or GWEB
  • Experience implementing, running and maintaining tools and/or processes to reliably identify security issues such as SQLi, XSS, CSRF, and business logic flaws across large code bases (SAST, DAST, PenTesting, Security Unit Testing)
  • Knowledgeable regarding browser security controls (CSP, XFO, HSTS), web application security topics such as OWASP Top 10, and authentication infrastructure (SAML, OAUTH)
  • Bachelor's degree in Computer Science, Engineering, Mathematics, or a related discipline
