We have a big vision, which is why we need you—an innovator and problem solver ready to revolutionize and empower businesses to succeed.
Job Overview
About the Senior Application Security Engineer role:
Scorpion is looking for an experienced Sr. Application Security Engineer to join our Information Security team!
As a Sr. Application Security Engineer, you will be responsible for the security of our applications and have the opportunity to proactively mature our Secure Development Lifecycle Program. This role will advise and guide the development teams on best practices as they relate to security automation through the use of products and services. Reporting directly to the Director of Information Security, this individual contributor role will be an integral part of our Information Security Team.
What You'll Do
Responsibilities:
- Work closely with Developers to ensure our proprietary software is secure.
- Own and maintain the security aspect of the Software Development Lifecycle (SDLC) including partnering with development teams in the creation and maintenance of our application architecture plans, roadmaps, and designs.
- Test the security of software by performing manual and automated source code reviews.
- Drive development and adoption of application security standards, policies, and practices.
- Manage scans to detect vulnerabilities in open source libraries and licensing non-compliance.
- Build threat models for and perform application architectural risk assessments of internally developed products and systems.
- Partner with Engineering teams to define and document application security requirements for Scorpion applications.
- Educate engineering teams on secure coding techniques and security best practices.
- Participate in the development of security policies, standards, and procedures.
- Identify application vulnerabilities and advise on appropriate remediation.
- Manage the annual application penetration test engagement with third-party firms.
What You'll Need
Education & Experience:
- BS in Computer Science or similar degree, or the equivalent in technical certifications.
- 8+ years of software development and/or application security experience.
- Experience with security testing tools (Burp Suite, ZAP, Kali, etc.).
- Experience with Azure cloud infrastructure and security best practices.
- Knowledge and understanding of OWASP & SANS identified common security coding flaws, threat modeling, automated & manual static security code analysis, and other application security best practices.
- Strong experience with CI/CD pipelines.
- Experience with the detection and mitigation of application vulnerabilities.
- Experience with any of the following technologies: Containers, Kubernetes, Azure GIT, SAST/DAST, OSS tools.
- Desired certifications: GWAPT, GPEN, OSCP, eWPT, and/or eCPPT.
- Must have knowledge of application security best practices and implementation.
- Must be able to tell the Recruiter a great joke.