Senior Application Security Engineer
Location – Irvine, CA | Full-time/Permanent employee position
Per the Hiring Manager – must have a heavy-duty security background. Must also have strong application security experience, not just a focus on vulnerability scanning. He is looking for a true application developer with 5 years of security focus. Would love to have a true app security person with CISSP certification.
We are looking for a Senior Application Security Engineer to evangelize security at every phase of the software development life-cycle by working closely with developers to ensure applications (Web, Mobile, Micro Services) are secure from inception through release. This role is intended to help developers create hardened applications to ensure the best in class security for Acorns customers. The candidate is expected to provide guidance in development best practices, support in software architecture and design, configuration hardening, and privacy.
Acorns software engineers work on everything from browser-side JavaScript, HTML and CSS, Node.js, AWS infrastructure, React and RESTful APIs, to CLI tooling (in many languages).
As an application security engineer, your typical week would involve collaborating with developers to shift security left in the SDLC by evangelizing security and training developers to build more secure software.
You are not expected to have experience with all of the technologies listed above. We're looking for experienced application security engineers who love learning new technologies on the job and how to secure them, think creatively to solve complex problems, and enjoy working collaboratively.
Within 1 month, you will:
● Introduce yourself and work with the various application development teams.
● Learn about our roadmap and all the exciting new projects coming soon.
● Familiarize yourself with our software development processes.
● Familiarize yourself with our codebase and products.
Within 6 months, you will:
● Develop application security standards for web, mobile, and micro services.
● Socialize and ensure adoption of such standards within various application development teams.
● Advocate and train developers on secure development best practices.
● Ensure that identified vulnerabilities are remediated per SLA.
Within 12 months, you will:
● Become known as the Application Security subject matter expert that developers seek out for consultation.
● Fully integrate security into the SDLC process – Shift left.
● Participate fully and constructively in architecture designs and reviews.
● Become a signer, from an information security perspective, on releasing applications into production.
● Propose innovative solutions to mitigate application security threats.
Please get self-assessment remarks from the candidate(s) for each item below: a ranking from 0-5, with 5 being expert level, plus the number of years of experience:
- BS or MS in Computer Science or related field
- 5+ years of application security experience.
- CISSP certification is a must.
- Strong background and understanding of the Android and iOS SDKs.
- Understanding of AWS cloud compute architectures and micro services.
- Strong experience in remediating vulnerabilities and weaknesses in the OWASP Top 10, WASC, and/or CWE 25 and implementing effective defensive techniques.
- Deep understanding of the HTTP and SSL/TLS protocols and of web applications.
- Familiarity with Docker and Kubernetes.
- Understanding of authentication protocols and frameworks, including OAuth, OpenID, and/or AWS IAM.
- Deep understanding of continuous integration / continuous deployment processes and tools.
- Ability to interpret dynamic/static analysis tool output and penetration test results, and to describe issues and fixes to non-security experts.
- Familiarity with common reconnaissance, exploitation, and post-exploitation frameworks.
Thanks & regards…
Uday Raj
OnwardPath Technology Solutions
Ph: (920) 264-0747