Location/Remote: 100% remote, but must be willing to work Eastern Time Zone hours
Employment Type: Perm / Direct Hire / Full-time
Compensation: up to $175k base
Benefits: medical, dental, vision, LTD/STD, HSA/FSA, term life, and supplemental health insurances (e.g., Aflac) for all employees (and their families if needed)
We are seeking a passionate and experienced Application Security Engineer to join our team and play a pivotal role in safeguarding our Azure-hosted .NET web applications. You will be responsible for identifying, analyzing, and mitigating security vulnerabilities throughout the development lifecycle. Your expertise in SAST, DAST, and SCA tools, coupled with a strong understanding of security best practices, will be instrumental in ensuring the security of our applications.
Responsibilities:
- Conduct comprehensive security assessments of .NET web applications hosted on Azure, leveraging SAST, DAST, and SCA testing techniques.
- Analyze identified vulnerabilities, evaluate their severity, and recommend effective remediation strategies.
- Work closely with development teams to ensure timely and effective resolution of security vulnerabilities, promoting secure coding practices throughout the development lifecycle.
- Actively participate in code reviews to identify potential security flaws early in the development process.
- Stay abreast of the latest web application security threats and vulnerabilities, including those listed in the OWASP Top 10.
- Develop and maintain secure coding practices and security policies within the organization.
- Incident Response: Contribute to the overall security posture of the company by participating in security awareness training and incident response activities.
- Integrate SAST, DAST and SCA tools like Veracode into CI/CD pipelines across multiple organizations using various platforms.
- Analyze vulnerability findings and customize reports to address specific organizational needs.
- Develop and deliver OWASP Top 10 training to educate developers on secure coding practices.
- Assist developers with integrating CI/CD tooling and development processes to streamline security workflows.
- Demonstrate familiarity with security best practices such as the NIST Cybersecurity Framework.
Qualifications:
- 4+ years of experience in application security, with a strong focus on Azure-based .NET web applications.
- Proven experience using Veracode to conduct SAST, DAST, and SCA security assessments.
- In-depth understanding of OWASP methodologies and web application security threats, with experience guiding developers to understand and implement them.
- Previous software development experience (C#/.NET preferred).
Preferred Skills (not required):
- Experience with security frameworks and compliance standards (NIST CSF, 800-53, 800-171).
- Familiarity with cloud platforms, particularly Azure, and cloud-native security best practices.