Application Security Engineer

Job Summary:

Responsible forworking with Clearwater Analytics development teams to ensuresecurityis injected into the software development lifecycle and products are secure.This role will focus onvalidatingsecure coding practices, penetration testingandownership over application security vulnerability management.

Responsibilities:
 

• Engage inreviews ofapplicationssecurity, including code reviewas well asdynamicand manualpenetrationtestingof products.
• Ongoing facilitation of application vulnerability management
• Advise and supportdevelopment teams in the area of application security
• Ability to suggest improvements to existing processes/tooling.
• Demonstrate professional application of information security, compliance, assurance and/or other security practices and principles.
• Up to date on evolving threats and security vulnerabilities
• Ability to assess risk based on a given risk assessment framework
• Actively seeks out opportunities to improve key systems, does not need to be directed on a daily basis.
• Can help organize a group and coordinate projects orpenetration test engagement.
• Assists in definition, documentation, and evolution of best practices forapplication security program
• Goes above and beyond basic requirements to support their own team and others.
• Helps to identify key gaps in security and tooling functionality that will drive significant improvement inapplication security
• Has the ability to take an assignment, project or problem and define, lead and implement a solution to completion.
   

Requirements:

• Prior experience working in Application Security.
• Proven hands-on experience with security tools such as Burp Suite, OWASP ZAP, and Kali Linux.
• Working knowledge of the OWASP Top 10forweb applications and APIsand how to apply the standard to minimize security risk.
• Understanding of security bestpractices and how to implement them at an enterprise level.
• Basic understanding of networking concepts and protocols.
• Knowledge of secure coding principles and experience with code review processes.
• Familiarity with dynamic application security testing (DAST) methodologies and tools.
• Strong analytical and problem-solving skills with a keen attention to detail.
• Basic coding skills–SQL, Python, other scripting languages.
• Strong written and oral communication skillswith the ability to convey complex security concepts to non-technical stakeholders
• Strong organizational and interpersonal skill

Desired Experience or Skills: