Senior Application Security Engineer Resume Samples

The Guide To Resume Tailoring

Guide the recruiter to the conclusion that you are the best candidate for the senior application security engineer job. It’s actually very simple. Tailor your resume by picking relevant responsibilities from the examples below and then add your accomplishments. This way, you can position yourself in the best way to get hired.

Craft your perfect resume by picking job responsibilities written by professional recruiters

Pick from the thousands of curated job responsibilities used by the leading companies

Tailor your resume & cover letter with wording that best fits each job you apply for

Vivian Schuppe
269 Curtis Hill, Houston, TX
Phone: +1 (555) 959 2560
Experience
Jerde-Lebsack, New York, NY
Senior Application Security Engineer
  • You will perform on-going security code and testing review to improve software security
  • Develop new security frameworks for desktop and web based applications
  • Assist in the evaluation, selection, onboarding and management of AppSec vendors and consultants
  • Working knowledge of web and mobile application development and security vulnerabilities
  • Perform on-going code review to improve software security
  • Assist software development teams with the design and implementation of security solutions
  • Develop security training and outreach to internal development teams
Cummings-Lubowitz, Boston, MA
Senior Application Security Engineer
  • Evaluate application security tools for internal consumption. Develop new automation and tooling to improve our detection and prevention capabilities
  • Develop secure code practices and provide hands-on training to developers and quality engineers
  • Perform security reviews and provide insights throughout all phases of software development
  • Work with IT Groups to define, develop, socialize and execute long-term application security roadmap, including
  • Threat model web applications and work with development team throughout the agile SDLC
  • Assistance with recruiting activities and administrative work
  • Develop new security solutions / tools to prevent security vulnerabilities and assist in addressing existing security problems
Anderson-Gottlieb, Chicago, IL (present)
Senior Application Security Engineer Client
  • Perform security and privacy risk assessments on internally developed software, infrastructure components and submitted proposals
  • Develop and enhance new and existing security-focused tools and services
  • Provide subject matter expertise on architecture, authentication and system security
  • Evaluate the impact to the organization of current security advisories, publications, and academic research papers
  • Comprehension of encryption technologies (e.g. TLS, HMAC, RSA, AES, PKI)
  • Knowledge of penetration testing techniques, application security vulnerabilities, OWASP Top 10, SANS 25, CWE, etc
  • Assist in the development and execution of a Security Management program across multiple, agile software development teams
Education
Bachelor’s Degree in Computer Science
University of Virginia
Skills
  • Strong knowledge of web application security issues
  • Security Certifications - CISSP, CISA or equivalent highly desirable
  • Experience using WAF technologies is highly desirable
  • Basic level proficiency with Windows and Linux operating systems
  • In-depth knowledge of web application vulnerabilities and ability to articulate their impact to business users
  • Excellent analytical skills, organizational skills, ingenuity and the ability to work as part of a team
  • Adaptability: Quickly learn new technology stacks, programming languages, and frameworks
  • Basic level understanding of the layers of the OSI model
  • Intermediate level proficiency with SQL and Oracle databases
  • Ability to identify security vulnerabilities from source code reviews and testing

15 Senior Application Security Engineer resume templates

1

Senior Application Security Engineer Resume Examples & Samples

  • Manual and automated review of source code (Android, Java, PHP, Python, Ruby, C#, Objective C, C++) for security vulnerabilities
  • Dynamic assessment of websites, web services, mobile applications
  • Development of internal assessment tools
  • Developing the application security program through a very close collaboration with all development teams
  • Involved in creation of all the necessary documentation for execution of application security program
  • Attends design reviews and actively leads the discussions from a security standpoint
  • Evaluates application development and implementation activities for possible vulnerabilities
  • At least 2 years of application security experience
  • Solid development background
  • Experience with secure coding guidelines, static and dynamic analysis
  • Experience in remediating complex enterprise level security issues
  • Experience with usage and customization of commercial static and dynamic analysis tools
  • Working knowledge of programming languages such as Java, PHP, Python, C# and web based technologies
  • Knowledge of regulations and security compliance such as PCI, COPA, Safe Harbor
  • Good communication in English with both oral and written experience with presentations and reports
2

Senior Application Security Engineer Resume Examples & Samples

  • Ability to conduct security assessments, reviews and penetration testing of applications
  • Perform product code audits
  • Drive secure life cycle development processes, tools and methodologies throughout the organization
  • Design and develop tools to detect security loopholes and prevent fraud
  • Perform security vulnerability studies and additional security related research activities
  • Consult with product development and quality assurance organizations on secure development
  • Optimize security tools to meet current and future threats
  • BSCS degree with 8+ years of experience or a MS degree with 6+ years of experience
  • 5+ years of related hands-on application security experience
  • Proven ability in application security processes and organizational design
3

Senior Application Security Engineer Resume Examples & Samples

  • BS degree in Computer Science / Engineering or a related field, or equivalent experience
  • MS or PhD from a top university highly preferred
  • Expert level of experience with C# on Windows platforms
  • Extensive experience in building and debugging Linux kernel modules
  • Experience in programming on a multi-threaded environment
  • Experience with the complete software development life cycle, from requirements to design, implementation, testing, and release
  • Ability to work on multiple projects at a time in a fast paced environment
4

Senior Application Security Engineer Resume Examples & Samples

  • A proven track record in application security
  • Software engineering experience in one or more of the following: Java, Python, PHP, Chef, Objective-C, Swift
  • Knowledgeable with back end security topics such as secret management and service authentication
  • Experience in development across multiple platforms would be beneficial (Mobile, Console, Web etc.)
  • Experience in developing solutions in the cloud would also be beneficial
  • Comfortable dealing with ambiguity and conflicting priorities
  • Thirst for knowledge and constant learning to stay up to date with the threat landscape
5

Senior Application Security Engineer Resume Examples & Samples

  • Apply established and ad hoc processes and techniques to identify, validate, prioritize, and track security risks
  • Operate and monitor established security controls
  • Identify control deficiencies and make appropriate recommendations
  • Review, triage, and prioritize control output
  • Identify, evaluate, and recommend new security technologies, techniques, and tools
  • Establish and promote strategies to ensure that compliance is effectively monitored and enforced
6

Senior Application Security Engineer Resume Examples & Samples

  • Plan and conduct complex application security testing against a variety of applications within the Scottrade architecture
  • Lead projects and team initiatives to provide technical recommendations within the discipline
  • Provide process capability improvements of application security processes and assist with the maturation of application security processes and tools
  • Assists with design reviews of applications for potential security design flaws
  • Report to management the status of remediation efforts of various Scottrade applications
  • Create, document and report metrics on current application vulnerabilities
  • Assist with the development of secure coding standards, policies and guidelines
  • Assist with incident handling and response activities as needed
  • Excellent technical and business communications skills, both written and verbal
  • Expert level knowledge of common application vulnerabilities, (e.g., XSS, SQLi, OS command injection, cookie manipulation and session hijacking)
  • Expert level knowledge of secure communications and encryption technologies
  • Intermediate level understanding of XML, SOAP and AJAX
  • Intermediate level web programming ability (e.g., ASP.NET, PHP, Perl CGI, or Java)
  • Intermediate level proficiency with SQL and Oracle databases
  • Basic level proficiency with Windows and Linux operating systems
  • Ability to identify security vulnerabilities from source code reviews and testing
  • Ability to define application security requirements for projects
  • Expert level ability to research and build secure application level solutions
  • Highly motivated with strong attention to detail, excellent organizational and communication skills with the ability to handle multiple tasks in a fast paced environment
  • Intermediate level proficiency with Microsoft Word, Excel, Project, PowerPoint, Visio and Outlook
  • Foster company success through a professional appearance, being courteous to customers and all Scottrade associates and by having a positive attitude
  • Bachelor’s degree in Business, Management Information Systems or Computer Science, or equivalent combination of education and experience required
  • 6+ years information security or 7+ years information systems experience of similar complexity required
  • 3+ years experience performing application security tests against web sites or web applications required
7

Senior Application Security Engineer Resume Examples & Samples

  • Become an expert in the Lending Club software stack to understand points of weakness and opportunities for application security solutions
  • Contribute to and improve our internal Software Security Development Lifecycle
  • Maintain application security tools and services to ensure quality within Lending Club’s Software Security Development Lifecycle
  • Evangelize security within the development organization through awareness proliferation activities such as mentoring, engineer onboarding training, Security Champ collaboration, and development and procurement of application security related events such as CTF competitions and Red Team activities
  • Manage vulnerability discovery and remediation efforts from sources like static, dynamic, and crowd-sourced web application testing technologies and report on their success
  • Maintain an active membership and participation in the greater AppSec community
  • Assist with management of a Responsible Disclosure Program and Bug Bounty Program
  • Assist in the evaluation, selection, onboarding and management of AppSec vendors and consultants
  • Contribute to and develop AppSec testing / unit testing requirements for security features and functions
  • Experience implementing, running and maintaining tools and/or processes to reliably identify security issues such as SQLi, XSS, CSRF, and business logic flaws across large code bases (SAST, DAST, PenTesting, Security Unit Testing, etc.)
  • Knowledgeable regarding browser security controls (CSP, XFO, HSTS, etc.), web application security topics such as OWASP Top 10, and authentication infrastructure (SAML, OAUTH)
  • Knowledgeable regarding back end security topics such as secret management and service authentication
  • Good project management skills
  • B.S. Computer Science or similar combination of education and experience
8

Senior Application Security Engineer Resume Examples & Samples

  • Perform application security assessments including architecture review, threat modeling, code review and penetration testing
  • Automate security testing at scale by building and implementing static and dynamic analysis tools, integrating security into the software development lifecycle
  • Employ knowledge and deep understanding of threat landscape, SaaS industry, and customer feedback to drive the pipeline of impactful security features
  • Assist and enable engineering teams to adopt secure development practices
  • Work closely with engineering and product teams to drive security issues to resolution
  • Develop software security guidance including training material, best practices, secure coding checklists, reusable code, etc
  • Experience performing architecture reviews, threat modeling, code reviews, and/or penetration testing
  • Hands-on experience with tools and technologies used throughout secure SDLC (e.g., Fortify SCA, Coverity, AppScan Standard/Enterprise, WebInspect)
  • Knowledge of micro-services architecture and containers is a plus
9

Senior Application Security Engineer Resume Examples & Samples

  • Act as a protector of the Salesforce brand in relation to trust and security
  • Act as an advocate within Salesforce for making security a priority area for educating Salesforce customers
  • Manage asset creation and delivery via marketing and other channels. This includes putting together materials such as web content, blog posts, and event collateral, as well as identifying the most effective ways to reach customers so they use the information to take action to make their Salesforce implementation more secure
  • Manage event logistics for Salesforce events for Administrators and users
  • Collaborate with marketing, PR, product management, support, and other stakeholders, to create and distribute world-class resources
  • Contribute to content around relevant security best practices
  • Responsible for maintaining a portfolio of 6-8 simultaneous projects with lifecycles ranging from 2 weeks to 6 months. This includes but is not limited to: defining project scope, deliverables, schedules and tasks for anticipated business requirements
10

Senior Application Security Engineer Resume Examples & Samples

  • Globally identify, document, measure and communicate technical Information Security risks across the organization’s data networks, systems, and applications using standard company toolsets and common industry exploitation techniques to identify attack surfaces
  • Build and implement enhanced methodologies to effectively communicate technical attack vectors to executive level business leaders in business terms
  • Monitor and research industry information sources for zero-day threats and emerging security trends and vulnerabilities impacting the organization
  • Recommend, direct, and implement best in class technology and business process solutions to mitigate and reduce threat to the global organization
  • Well versed in coding and scripting, and able to provide best coding practices in an agile development model
  • Possess a strong understanding of secure architecture designs
  • Understanding of emerging technologies such as DevSecOps, Agile Development, Cloud Compute Technologies and Platform, etc (Amazon AWS)
  • 4-6 years of combined application and network penetration, AppSec, wireless security, and vulnerability management experience
  • Strong experience in the fields of Information Security and Application Security
  • Extensive knowledge and ability to conduct internal, external, social, wireless, and application penetration testing using a wide variety of exploitation techniques, tools, and procedures
  • Solid knowledge of security attack methodologies, tools and processes
  • Must possess strong security experience – a strong fundamental expertise and experience in security penetration testing / research, application architectures and technology, knowledge in OWASP Top 10 vulnerabilities, web application vulnerabilities and web application business logic flaws and threats, cloud security standards, secure code analysis, secure SDLC, and securing enterprise multi-platform systems, agile development, and emerging technologies
  • Familiarity with Cloud technology – AWS platform and services, and Google Big Query/GCE/GCS, etc
  • CICD (Continuous Integration Continuous Development) – Circle CI, Jenkins, GitHub, etc
  • Must be results focused – a strong problem solver with a strong desire to constantly research and master new concepts, technologies and solutions related to Information Security quickly and apply to ongoing tasks and deliverables
  • Must demonstrate excellent written and verbal communication skills. Must be able to effectively lead meetings and conference calls involving IT, legal/HR, and/or client contacts and write security incident and investigative reports
  • GPEN, OSCP, GXPN, SMFE, GWAPT, GAWN ISSP, CEH, GSEC, or CISM certification is preferred
11

Senior Application Security Engineer Resume Examples & Samples

  • Mobile security reviews
  • Threat modeling
  • Security guidance documentation
  • Security tool development
  • Security metrics delivery and improvements
  • This position requires the applicant selected to obtain and maintain a Top Secret security clearance with Sensitive Compartmented Information (TS/SCI) eligibility and access. A US Government administered polygraph examination will be required. TS/SCI eligibility is not required to start; however, the applicant selected will be subject to a Single-Scope Background Investigation (SSBI) and must meet eligibility requirements for access to classified national security information. Applicants with a current SSBI, SBPR, or PPR, may be eligible for crossover in accordance with ICPG 704.4
  • An understanding of web services
12

Senior Application Security Engineer Resume Examples & Samples

  • You enjoy both breaking and building
  • Strong knowledge of web application security issues
  • You are interested in teaching security since we’re all in this together
13

Senior Application Security Engineer Resume Examples & Samples

  • Evaluate new and existing security standards, tools and solutions
  • Participate in documenting processes and technologies that support secure software development practices
  • Participate in maintaining a security API used by our clients' applications
  • Support developers in the areas of secure coding practices, vulnerability assessments, and remediation
  • Stay current with emerging software security technologies, industry trends, and attack vectors, with a primary focus on internal reference architecture and security standards
  • Operate and customize code scanning and review tools
  • Participate in secure code reviews of our clients' applications
  • Participate in security incident response
  • Work with IT Groups to define, develop, socialize and execute long-term application security roadmap, including
  • Conduct in-house code reviews, static analysis and dynamic analysis on software products
  • Conduct manual and automated security testing of our clients' applications
  • Perform day-to-day operations of static analysis tool and IDE plug-in support
  • Assist with the remediation of security vulnerabilities found via code scanning and manual inspection and penetration testing
  • Help review static analysis tool findings with product teams and other IT stakeholders; participate in manual code inspections
  • Review dynamic analysis tool findings and identify sources of problems with product teams and other IT stakeholders
  • Maintain common security API used by our clients' software products
  • Strong and evolving competence in several programming languages and technologies, mastery of one or more tool sets, technologies and implementation environments
  • Advanced knowledge of programming languages, relational database management systems, networking technology, multiple desktop operating systems and multiple server operating systems
  • Understanding of modern software engineering principles and practices
  • Strong problem solving and analytic skills
  • Must have strong knowledge in one or more of the following: HTML, JavaScript, DOM, AJAX, CSS/CSS2, XML, XHTML, DHTML, etc
  • Experience writing automated unit tests
  • Must have adequate knowledge of J2EE and/or .NET technologies
  • Knowledge of Cross-Site Scripting (XSS), HTTP Request Smuggling, SQL Injection, RFI (Remote-File Inclusion), LFI (Local-File Inclusion), CSRF (Cross-Site Request Forgery), Response Splitting, OWASP Top 10 and other attack vectors a plus
  • Knowledge of OWASP Web Security Certification Criteria, OWASP testing guidelines and PCI Data Security Standards is a plus
  • Experience with one or more of the following tools nmap, wikto, nessus, whisker, crowbar, Paros, suru, Wireshark, TCPDump, ISS is a plus
  • Experience with one or more of the following web app scanners - IBM AppScan (WatchFire), HP Web Inspect (SPIDynamics), Cenzic, Web Scarab is a plus
  • Experience in performing code reviews
  • Strong interest in IT Security with a passion to solve problems
  • Knowledge of TCP/IP, HTTP/S and other protocols
  • Any knowledge of one or more of the following is a plus but not required -- Python, Ruby, PHP or other scripting languages
  • Willingness to learn and try new things as well as extremely good research skills
  • Reverse engineering experience using one or more of the following tools -- (IDA, Olly, and SoftIce) is a plus
  • Experience with protocol analysis, forensic analysis is a plus
  • Experience installing, configuring and maintaining continuous integration (CI) environment(s) using tools such as Cruise Control, Cruise Control.NET, Hudson, Bamboo, Gauntlet, in a test driven development (TDD) process is a plus
  • Experience with one or more of the following static analysis tools is highly desired: Ounce Labs, Fortify, Klocwork, Prefix/Postfix, FindBugs, FxCop, and PMD
  • Additional certifications such as CISSP, ENCE, CCE, GCFA, GCIA, GCIH, CHFI and/or QSA are highly desired
  • Ability to travel when required
14

Senior Application Security Engineer Resume Examples & Samples

  • Provide engineering designs for the new software solutions to help mitigate security vulnerabilities
  • Define and enforce secure coding practices
  • Perform on-going code review to improve software security
  • Maintain security standards
  • Develop a familiarity with new security tools and best practices
  • Conduct security review prior to software release
  • Bachelor’s Degree in Computer Information Systems, Engineering or related (Ideally in computer science or engineering)
  • In-Depth understanding of web application security standards, including Open Web Application Security Project (OWASP) and Common Weakness Enumeration (CWE)
  • Experience in securing Web services using OAuth/SAML
  • Experience in SDL (Security Development Lifecycle), Threat modeling and Architecture Risk Analysis (ARA)
  • Experience with tools for security testing of web applications and Static Code Analyzer
15

Senior Application Security Engineer Resume Examples & Samples

  • Experience working in an Agile development environment
  • Familiarity with PCI and ISO27001
  • Recognized industry certification and/or continuing education programs are a major plus
  • Programming experience (bash, perl, zsh, Python, Java, C/C++). We're primarily a Java shop, but we work with multiple programming languages daily
16

Senior Application Security Engineer Resume Examples & Samples

  • 6+ years of experience crafting and implementing security solutions
  • Experience in application security, cryptography, network security and systems security
  • Knowledge of platform level vulnerability hardening or testing in Linux and Windows
  • Experience with cloud platform security, strongly preferred
  • Scripting skills (e.g., Perl, Python shell scripting)
  • Demonstrated strong sense of ownership and drive
17

Senior Application Security Engineer Resume Examples & Samples

  • Engineer, implement and monitor security measures for Perkin Elmer cloud based applications
  • Identify and define application security requirements (GXP experience a plus)
  • Design computer security architecture and develop detailed cyber security designs
  • Configure and troubleshoot cloud security systems
18

Senior Application Security Engineer Resume Examples & Samples

  • Assist in the development and execution of a Security Management program across multiple, agile software development teams
  • Drive adoption of embedded application security controls as part of our agile software development process
  • Assess applications for design-related security risks and assist teams in determining appropriate remediation for issues identified
  • Develop security training and outreach to internal development teams
  • Ensure customer security requirements and best practice standards are implemented and adhered to across the program
  • Assist software development teams with the design and implementation of security solutions
  • Apply defense-in-depth strategies to protect the company and its clients, e.g. ensure that every attack vector has multiple ways to be deterred, delayed, denied, detected, and defended
  • Drive implementation of threat and vulnerability management tools across multiple programs. This includes automated tests (where practical) and/or generation of reports showing the types of tests and systems being audited
  • Write documentation, including Visio diagrams, Word documents, and PowerPoint presentations
  • Support security automation throughout a development team’s CI/CD pipeline
  • Support other security team members as required
  • Stay up-to-date on the latest security threats, best practices, and technologies
  • Bachelor’s Degree or equivalent experience. Cyber Security, Information Assurance, or Information Security degree preferred
  • Knowledge of a wide breadth of information security topics. Be familiar with security at all layers of the OSI model and knowledgeable with security at the application layer
  • 8-10 years of experience with any combination of the following: threat modeling experience, secure coding, identity management and authentication, software development, cryptography, or system administration and network security
  • Well-versed in both Windows and Linux environments
  • Possess self-drive to keep moving things forward even in the face of ambiguity and imperfect knowledge
  • Ability to work within an open, consensus-based organization
  • Must be able to deal with a highly-demanding client base and set client expectations appropriately
  • Must have both strategic thinking and hands-on ability
  • Must have the ability and the vision to build a new program…with little guidance
  • Agile software development practices and DevOps experience
  • Experience with Incident response processes, tools, and techniques
  • Certifications proving hands-on capabilities
  • Cloud hosting experience
19

Senior Application Security Engineer Resume Examples & Samples

  • On a typical day, you'll analyze threats and vulnerabilities to determine security impact
  • Build technologies to detect and prevent security vulnerabilities
  • Help development teams build security into the Workday platform
  • Impact the product design by providing secure design patterns
  • Provide recommendations for hardening applications and environments
20

Senior Application Security Engineer Resume Examples & Samples

  • Able to test, validate and articulate all vulnerabilities identified in the OWASP top 10. Conduct, coordinate and perform application vulnerability assessments (dynamic & static) through the use of automated and manual tools
  • Review and analyze vulnerability data to identify security risks to the organization’s network, infrastructure, and applications
  • Determine vulnerabilities that are false positives through code review AND manual validation
  • Interpret vulnerability data, communicate business impact and remediation actions to the technical teams and business leaders
  • Ability to create POC's to demonstrate vulnerability severity and potential impact
  • Prepare security vulnerability and risk management reports for management
  • Coordinate remediation of vulnerabilities within established timeframes
  • 8-10 years of experience in Information Security, Risk Management and/or Vulnerability Assessments, Technical Project Management
  • Strong knowledge of Application vulnerability scanners/tools, and source code analysis tools such as HP FOD, Appscan Standard/Source, Burp Suite, and Paros
  • Strong knowledge of systems scanning and assessments using Qualys or comparable vulnerability scanners. Strong understanding of common assessment tools and pen testing methodology. Familiarity with distributions like Kali Linux and Samurai WTF
  • Strong web application security experience with thorough understanding of web application vulnerabilities, including OWASP top 10
  • Strong understanding of Unix and Windows platforms, as well as TCP/IP protocols; experience with Active Directory, Proxies, Firewalls, UTM, Intrusion Detection/Prevention systems
  • Strong analytical skills particularly in regards to assessing the risk and impact of weak controls or new vulnerabilities; Strong documentation skills
  • Knowledge of HTML, JavaScript, CSS, XML, HTTP, HTTPS, SQL, TCP/IP
  • Able to multi-task in fast paced environment. Self-motivated with the ability to work under pressure with minimal supervision
  • Excellent organizational skills, highly detail-oriented, strong on workflow process and the ability to manage and follow up on multiple/competing priorities effectively
  • Expert communicator with the ability to translate complex security information into concepts that developers / business owners / senior management and stakeholders can understand
  • Security Certifications - CISSP, CISA or equivalent highly desirable
  • Experience using WAF technologies is highly desirable
21

Senior Application Security Engineer Resume Examples & Samples

  • Penetration testing: you will examine chosen target systems in detail, looking for vulnerabilities and weaknesses, and, in collaboration with other penetration testing and red teams around the company, demonstrate the value of an “Assume Breach” mentality
  • Emerging Threat and Vulnerability Research - You will identify and evaluate new areas for research and perform analysis into emerging threats, including proactive security research on the technologies that Azure and our customers utilize and depend on
  • A very high level of creativity, excellent communication skills, and an ability to work independently are critical
  • Security Assessments - Parlaying research and knowledge into threat models and security assessments of Dynamics365 services, platforms, and infrastructure
  • You have a goal to prioritize areas of security risk while identifying and addressing risks that affect Azure’s ability to protect, detect, investigate, and recover from security vulnerabilities and targeted attacks
  • To thrive in this position, you will need a deep technical understanding of multiple classes of security defects, along with strong development skills, an understanding of popular languages and platforms, and the ability to learn new information at a rapid pace
  • A strong track record in security consulting, penetration testing, and general hacking are critical, but the willingness and drive to improve the state of the art overall is even more important
  • 10 or more years’ experience in a hands-on security role, with demonstrable software engineering skills and mastery of multiple classes of security defects
  • Strong coding skills in one or more popular languages and platforms, including C/C++, C#, Java, JavaScript/TypeScript, SQL, assembly, Ruby, Python, and others, and the ability to pick up new platforms quickly
22

Senior Application Security Engineer Resume Examples & Samples

  • You will be responsible for the evaluation of new technologies, tools, and/or development techniques that impact security
  • You will review, analyze, and evaluate both internally developed software and vendor products and procedures to address security requirements
  • You will work closely with Corporate Security and Cloud Operations to drive the software security certification process for the organization
  • You will maintain development security standards, policies, and procedures
  • You will perform on-going security code and testing review to improve software security
  • You will perform security risk analysis for our products and portfolio
  • You will provide engineering designs for new software solutions to help mitigate security vulnerabilities
  • You will contribute to all levels of the application architecture, and maintain security documentation
  • You will develop and deliver consistent automated metrics covering all aspects of the security program
  • You will provide security guidelines for the organization to protect critical assets and data
  • You will be responsible for compliance status for all components in each major release, and for the security assurance of the components
  • Experience with encryption, cryptographic standards, communication protocols, security standards and vulnerabilities
  • Working knowledge of web and mobile application development and security vulnerabilities
  • Hands on experience with encryption, cryptographic standards, communication protocols and security standards
  • Strong familiarity with multiple software security paradigms, with CISSP, CISA, OSCP or other information security certifications
  • Detailed technical knowledge of techniques, standards and state-of-the-art capabilities for authentication and authorization, applied cryptography, security vulnerabilities and remediation (such as OAuth2, OpenConnect, WS-Security, SAML)
  • A solid understanding of attack vectors, exploits, and hacking tools
  • Experience with Enterprise Cloud Software environments
  • Knowledge of web related technologies
  • BS in Computer Science or similar technical field
  • 5+ years proven work experience as a Software Security Engineer
23

Senior Application Security Engineer Resume Examples & Samples

  • Act as liaison between Cybersecurity and the digital banking development team
  • Assist development team implementing secure SDLC practices
  • Threat model web applications and work with development team throughout the agile SDLC
  • Perform web application vulnerability assessments and penetration tests
  • Provide security and compliance requirements for software development projects
24

Senior Application Security Engineer Resume Examples & Samples

  • Software Security Assessment: Evaluate applications for appropriate and effective use of security controls using tools and techniques such as source code analysis, vulnerability scanners, and manual testing techniques
  • Application Security Control Development: Provide expert guidance to developers on the appropriate selection and implementation of relevant application security controls
  • Security Awareness Training: Design, develop and deliver presentations focused on raising awareness for crucial security relevant considerations and defensive programming techniques
  • Support the planning and execution of the application security testing and evaluation program with possibility to mentor junior team members
  • Advise and consult internal clients on appropriate application of security practices and existing security services to solve problems or enable new business opportunities
  • Serve as subject matter expert on application and information security technologies and methodologies
  • B.S or M.S in Computer Science, or equivalent education or experience
  • Emphasis in software security a plus
  • At least three (3) years of professional experience with M.S degree or at least five (5) years of experience with a B.S degree
  • Two (2) or more years in software engineering and development with emphasis on the delivery of secure, Internet-exposed, multi-tier, web-based systems using Java/J2EE and/or C#/ASP/.NET (experience with both a plus)
  • At least one (1) year of hands-on experience evaluating the security of applications using both manual and automated techniques. Relevant tool experience should include code security scanners such as Fortify SCA, Checkmarx; web vulnerability scanners such as HP WebInspect or IBM Rational AppScan; assessment support tools such as BurpSuite, Metasploit, or Core Impact
  • Experience mentoring and leading small teams and demonstrated responsibility for managing security assessments for a portfolio of applications is desirable
  • Strong written and verbal communication skills. Specific relevant experience may include technical reports (especially application security assessment reports), technical whitepapers, presentation development and delivery (for both technical and business audiences), technical training, etc
  • Candidate should have experience making and defending sound technical arguments that incorporate relevant technical and business considerations, and building consensus among stakeholders
  • Knowledge of security considerations related to virtualization and cloud computing
  • Mobile Application Security on iOS and/or Android devices; includes experience in secure development of applications and/or analysis
  • Knowledge/hands-on experience in implementing DevSecOps (enabling security in DevOps)
  • Knowledge/hands-on experiences of AWS fundamentals and security a plus
  • Financial services industry (Insurance, Banking, Investments) experience a plus
  • Providing software architecture security guidance, including developing application threat models and methodically protecting against business logic and design flaws that could introduce security vulnerabilities
  • Design patterns and coding standards for secure software
  • Familiarity with commonly used authentication & authorization systems such as Siteminder, Okta, ForgeRock
  • Knowledge of PKI systems
  • Knowledge of cryptographic tool kits for application development such as RSA BSAFE or others
  • Knowledge of general application security APIs and protocols such as: MS CryptoAPI, Kerberos, SSL/TLS, SAML, S/MIME, and PKCS APIs
  • End-to-end, hands-on experience in security solutions for complex enterprise architectures
  • Knowledge of cryptographic solutions for protection of data in use, in transit and at rest, such as masking, SSL/TLS, IPSec, or format-preserving encryption and sanitization
25

Senior Application Security Engineer Resume Examples & Samples

  • Perform black-box penetration testing and code reviews of our flagship services, product offerings and vendor applications
  • Assist in our vulnerability remediation efforts by triaging bug bounty findings, and guiding teams through the implementation of fixes
  • Relevant experience in several of these languages: Java, JavaScript / NodeJS, Ruby, .NET, C / Objective C, PHP, Python
26

Senior Application Security Engineer Resume Examples & Samples

  • Design web application architecture and design principles
  • Complete external and internal penetration tests
  • Analyze, assess and respond to various security threats
  • Seek out opportunities to automate processes
  • B.S. or M.S. Computer Science or related field
  • 4 years of relevant work experience including experience in application-level vulnerability testing and code-level security auditing
  • Expertise with multiple software development languages (Java, Microsoft .NET, or C/C++)
  • Experience with multiple operating systems
27

Senior Application Security Engineer Resume Examples & Samples

  • Responsible for providing engineering and architecture direction for application security designs that solve business problems
  • Responsible for working with application teams on security solution design and implementation
  • Responsible for assessing security solutions' proof of value and conducting proofs of concept
  • Responsible for providing security solutions for web applications, web services and API management
  • Responsible for applying and ensuring that all enterprise and industry standards and best-practices are followed in application security design and remediation
  • Responsible for educating other team members on application security standards and best practices
  • Responsible for participating in enterprise technology and functional planning processes to develop standards and best practices
  • Responsible for developing application security engineering and architecture roadmaps and blueprints for security domains
  • Experience designing web application and web service security solutions
  • At least 5 years of experience in web service (SOAP and RESTful) security
  • Expertise in various authentication and authorization patterns using enterprise tools and technologies
  • 4-6 years of Experience with IBM Datapower or similar solution
  • At least 2 years of experience with SAML2.0, OAuth, OpenID Connect based patterns
  • A diverse skill base in both Information Systems and Information Security
  • The ability to work closely with Business and development and a thorough understanding of the balance between Business and Security requirements
  • Data Analysis- Input, understand, analyze and act on data
  • Growth & Development- Maximize development of self and others
28

Senior Application Security Engineer Resume Examples & Samples

  • Bachelor's Degree in Computer Science, Information Security, or related field
  • 7 years of software development experience including 3 years of C# and/or Java development experience
  • 3 years of defensive application security experience
  • 3 years of experience with software security assessment using static code analyzers, application penetration tools, and attack surface analysis and threat models
  • Deep understanding of application security vulnerabilities including the OWASP top ten, and how to prevent and mitigate them
  • Solid knowledge of Internet and Mobile technologies and architectures
  • Ability to coach developers and product management at all levels in improving product security
  • Strong understanding of network technology and protocols (TCP/IP, VPNs, Firewalls, IPS, IDS, and DNS)
  • Understanding of regulatory requirements and compliance and their impact on software development, including PCI DSS, HIPAA, SOX
  • Additional security industry certification (OSCP, GSSP, CEH, CPT)
  • Knowledge of PKI architectures and implementation
  • Understanding of network technology and protocols (TCP/IP, VPNs, Firewalls, IPS, IDS, and DNS)
  • Understanding of cloud architectures and how they impact application security
  • Knowledge of industry secure development frameworks such as Microsoft SDL or OpenSAMM
  • Experience developing software on an agile team (XP, Scrum, TDD, etc.)
29

Senior Application Security Engineer Resume Examples & Samples

  • Engineer and maintain application security tools and services to ensure quality within Lending Club’s SDLC
  • Enable automated security testing at scale to measure vulnerability density across Lending Club applications
  • Evangelize security within the development organization through awareness proliferation activities such as mentoring, engineer onboarding training, Security Champ collaboration, and development and procurement of security related events such as Capture the Flag competitions and Red Team activities
  • Commit to and develop AppSec testing / unit testing requirements for security features and functions
  • 5+ years software engineering experience (Java focus)
  • Superb communication skills
30

Senior Application Security Engineer Resume Examples & Samples

  • Identifies, highlights, and provides security recommendations during requirement and design reviews
  • Conducts software design and code reviews of applications and security testing of products
  • Performs threat modeling and ethical hacking/pen-testing
  • Designs and advocates for security and secure coding practices
  • Serves as an advisor to the business on technical security issues and challenges and helps in remediation
  • Researches emerging technologies and maintain awareness of current
  • Computer Science/Information Systems or related field
  • Knowledge of authentication mechanisms like SAML, OAuth, etc.
  • 5+ years of experience as a developer or in application security
  • Strong programming background
  • Languages experience: Java/C#, T-SQL, JavaScript, HTML strongly preferred
  • Knowledge of security flaws and their resolution as listed on sites like OWASP, SANS, etc.
  • Experience in secure application programming, code reviewing, and penetration testing of web-based applications
  • Experience in security testing mobile application is a plus
  • Ability to work effectively with technical and non-technical personnel in a cross-functional setting
  • Experience leading implementation efforts of security initiatives and resolutions of any findings from internal or external assessments
  • Experience with Secure Software Development LifeCycle
  • In-depth knowledge of web application vulnerabilities and ability to articulate their impact to business users
  • Experience with DAST, IBM AppScan, HP Web Inspect, Burp, etc.
  • Experience of HTML5, Javascript, PHP, Bash, Python or Perl
  • Experience of application vulnerabilities, threat modeling and secure SDLC
31

Senior Application Security Engineer Resume Examples & Samples

  • Lead AppSec vulnerability and patch management process and ensure uniform process across all Commerce Cloud products
  • Lead staff working this area, inspiring impactful results
  • Organize defect issues/tickets to ensure timely fixes
  • Perform automated scans using various commercial tools and triage and catalog the results into KPIs and SLAs
  • Provide code reviews and advise on designs
  • Work with development teams to carry out application security reviews
  • Provide expert advice and consultancy to software and platform engineering on risk assessment, threat modeling and fixing vulnerabilities
  • Collaborate with engineering, testing, and operations groups
  • Travel several times per year to conferences and other corporate locations
  • BS in Computer Science or equivalent
  • Experience leading technical staff, organizing plans, and driving results
  • 4+ years' experience in application security and vulnerability testing
  • 3+ years App design and development coding skills across broad spectrum of technologies including Java web and iOS mobile
  • 1+ years of deep application security experience: crypto, auth, TLS, OWASP top 10 vulns
  • Knowledge of threat modeling or other risk identification techniques
  • Development experience in Java and Linux OS fundamentals
  • Knowledge of network and web related protocols
32

Senior Application Security Engineer Resume Examples & Samples

  • Application Firewall and Runtime Defences: Triage security events and work with a broader team in developing mitigation strategies for application security vulnerabilities
  • Tune products/solutions to keep false positives at minimum
  • Bachelor of Science in Computer Science, or equivalent education or experience
  • Emphasis in application security a plus
  • 4+ years of experience with runtime application protection controls such as Web Application Firewalls/RASPs, including deployment, operation, administration, and support
  • Experience with cloud-based WAF solutions (e.g. SecureSphere Cloud, F5 Cloud) and SaaS-based WAF solutions (e.g. Cloudflare, Incapsula, etc.) is a strong plus
  • Good understanding of web application architectures (e.g. n-tier, microservices)
  • Familiarity with common programming languages and technologies (e.g. PHP, Java, HTML, JavaScript, RegEx, REST)
33

Senior Application Security Engineer Resume Examples & Samples

  • Build, automate, and operate automated security capabilities for AppDynamics including static application security testing (SAST) and dynamic code analysis across multiple technology stacks and development languages
  • Review implementation code of critical projects; identify security flaws and suggest remediation
  • Maintain and administer the open source applications security testing (OAST) environment through access controls
  • Maintain and administer the dynamic applications security testing (DAST) environment through access controls
  • Develop automated integration with platforms like Jenkins, GitHub & Jira
  • Act as advisor in the area of secure development and threat mitigation
  • Thorough knowledge of the Secure SDLC
  • Work with our engineering and development community to help define security gates as part of the process
  • Develop our mobile framework for security testing and continue to monitor new threats and publish internal best practices
  • Design training material for building the engineering function as a central tenet of security testing
  • Publish quarterly internal newsletters associated with open source releases each quarter
  • Develop new security frameworks for desktop and web based applications
  • Work with development to ensure fixes are applied as per the vulnerability policy in order to remediate as required