Application Security Engineer


PhishMe
Headquarters: Leesburg, VA

PhishMe’s Engineering team is seeking an Application Security Engineer to assist the Development, Production Engineering, and Security Operations teams with application-level security assessment and threat mitigation.

The successful candidate must have professional work experience. This is a full-time position working for PhishMe, Inc. Outsourced or software development contractors will NOT be considered.

Responsibilities:

  • Review merge requests from Development and Production Engineering teams to proactively address security concerns before changes are merged to master
  • Validate and address findings from static analysis tools
  • Perform routine internal penetration testing
  • Develop and evangelize secure programming standards
  • Conduct periodic internal software security audits
  • Validate, address, and document responses to security findings from third-party penetration testing engagements
Successful applicants must be:
  • Passionate about application security
  • A self-starter who can identify work that needs to be done without waiting for direction
  • Able to work effectively and be pragmatic as part of a remote team in a dynamic business environment
  • Comfortable working independently but able to escalate problems when necessary
  • Able to demonstrate strong oral and written communication skills
  • Eager to learn; able to understand and apply new things relatively quickly
  • Willing to mentor and guide fellow team members kindly and constructively
  • Someone who enjoys sharing knowledge via documentation
  • Able to work for eight solid hours per day, where at least five overlap with 8am to 6pm Eastern
  • Available to work off-hours as necessary
  • Happy to travel occasionally for team meetings and events
Your experience should demonstrate that you:
  • Have extensive professional experience in information security, as a vulnerability researcher, QS engineer, or developer
  • Are able to read and write Ruby code
  • Can write PoC code and documentation that clearly demonstrate vulnerabilities
  • Are proficient with or able to quickly learn automation tools such as Selenium
  • Are able to find solutions to challenging technical puzzles with atypical constraints
  • Can effectively use git and understand common SCM workflows
  • Are able to write code that is intentional and readable rather than magically obscure
  • Enjoy tinkering
It would really be outstanding if you:
  • Have previous professional, full-stack app-sec experience
  • Can list and demonstrate examples of the OWASP Top 10; have experience playing with railsgoat
  • Have deep knowledge of the Ruby on Rails and Java Spring web frameworks
  • Are familiar with BDD
  • Have working knowledge of AWS or other cloud computing platforms
  • Have used static analysis tools such as Brakeman and Bundler-Audit
  • Have experience using CI environments (Jenkins/Docker)
  • Are familiar with proxies, firewalls, mail infrastructure, and other solutions commonly seen in large enterprises
  • Can comfortably use advanced git features such as rebase, rebase -i, merge --no-ff
  • Have attained a four-year degree in something (…anything)
  • Have customer support experience (retail, help desk, consulting, etc.)
  • Include a link to your GitHub/GitLab/Bitbucket profile
Compensation
  • Competitive salary and stock options
  • 401k with company match
  • Health, vision, dental, disability, life insurance
  • Telecommuting expense reimbursement
Location
  • Leesburg, VA or US Telecommute

APPLY FOR THIS POSITION

To apply for this position, please follow the link below: https://www.paycomonline.net/v4/ats/index.php?/job/apply&clientkey=A9D4A2503BE71F57EC607E67A7D96692&job=530
