This job has expired, please see additional jobs below
Information Security Engineer - Application Security
Entertainment & Media Industry Company
San Francisco, CA, United States
Job Details - this job has expired, please see similar jobs below
Role Description:
Company is seeking an Application Security Engineer to join Company’s Security team. A successful candidate in this role will be responsible for designing, building, assessing and deploying systems to protect Company against Information Security Threats. A candidate for this job enjoys a challenge and will work with the security and development teams to build systems that will protect Company infrastructure against attacks.
About You:
Are you motivated, self-driven, and passionate about your work? Do you enjoy coming up with ideas to solve complex security problems? Do you enjoy not just breaking things but also putting them back together? Do you feel compelled to write tools for the greater good?
If you choose to join the Company’s Enterprise Information Security Team, your mission will be to ensure that our customers' most precious data remains secure. This is an exciting opportunity in a growing security team where you will get a chance to work in many different security areas ranging from infrastructure security, security architecture and engineering, security operations, incident response, and red teaming. You will also get an opportunity to share your ideas, thoughts and challenges with your peers outside the company.
Primary Responsibilities:
• Improve Company’s ability to protect its environment through design, development, and implementation of secure software development(SDL) practices
• Work across Incident response, risk and compliance, product security and development teams to solve critical security problems.
• Research emerging technologies and maintain awareness of current security risks in support of security enhancement and software development efforts.
• Evangelize security throughout the enterprise and drive changes needed to respond to emerging threats.
• Develop and enhance automated security testing in an Agile and CI/CD environment
• Develop secure coding practices and provide hands-on training to development teams
• Participate in red teaming exercises and other internal security awareness activities
Required Skills & Qualifications:
• Master’s degree (M.S) in computer science or related field, or Bachelor's degree (B.A.) and equivalent work experience, education requirements can be relaxed for the right candidate.
• 3-5 years’ experience in relevant field.
• Experience with Secure Software Development LifeCycle.
• In-depth knowledge of web application vulnerabilities and ability to articulate their impact to business users.
• 2 to 3 years’ experience in Application Penetration Testing.
• Experience with performing Threat Modeling and designing secure architecture.
• Experience with DAST , IBM AppScan, HP Web Inspect, Burp, etc.
• Experience with SAST static web application and services testing tools – HP Fority, Checkmarx, etc.
• Experience with DevOps and Secure DevOps.
• Experience and knowledge of developing and debugging C/C++ and Java.
• Experience of HTML5, Javascript, PHP, Bash, Python or Perl
• Experience of RDBS, NoSQL, Hive/Hadoop is a plus.
• Experience of application vulnerabilities, threat modeling and secure SDLC.
• Knowledge of Network and Internet Architecture
• Excellent analytical skills, organizational skills, ingenuity and the ability to work as part of a team
Desired Skills:
• Advanced interpersonal skills to effectively promote ideas and collaboration at the various levels of the organization
• Knowledge of mobile security, including experience implementing security controls
• Experience working with security vendors, including submitting feature requests, evaluating products and analyzing security functionality of a diverse set of product
• Experience writing security white papers and/or presenting security products and technologies to diverse audiences
• Experience with securing cloud and container environments