Application Security Engineer
Application Security Engineer
We are looking for a Application Security Engineer for a project.
Our client is a big US company providing photography & image sharing services and photography products all over the world. The company is based in California and has operated since 1999. Today it serves 10+ million customers, and hosts 50+ billion photos on its photo storage platform.
- Demonstrate and promote Secure Software Development Life Cycle
- Work with security researchers and developers to resolve security issues in our stack
- Evaluate and classify findings from SAST, DAST, SCA and externally reported sources
- Evaluate and classify findings from our bug bounty program
- Perform security testing on internally developed applications and clearly document findings and recommendations
- Develop and implement security fixes and assist development teams in the same
- Assist in the development of secure code libraries
- Act as technical liaison between Information Security and application development teams
- Support integration and automation within security, monitoring, reporting, and ticketing platforms
- Familiarity with OWASP top 10 vulnerabilities, mitigations and their impact on application architecture
- 1-2 years working as a developer and 1-2 years specifically in application security
- Working knowledge of code versioning tools like Git and continuous delivery tools like Jenkins and Maven
- Must be well organized, thrive in a sense-of-urgency environment, leverage best practices, and most importantly, innovate through any problem with a can-do attitude
- Must have understanding of various systems technologies, architecture fundamentals, next-generation technology and very strong security understanding
- Proven communication skills, the ability present information clearly and concisely to all levels of management both formally and informally
- A history of uncovering, exploiting, and remediating application and system security flaws
- A deep understanding of coding and scripting languages such as Java and Python and the ability to easily switch between a variety of languages quickly
- Knowledge of and experience with manipulating protocols and libraries in order to compromise the security of a set of systems or code
- Experience with application security testing including SAST, DAST and SCA
- Previous experience working on a large code base
- Experience maintaining an enterprise bug bounty program
- Experience working cross functionally with multiple teams to achieve goals
- Understand information security concepts, protocols, and industry best practices
- Hands on experience in MicroServices architecture and security control in such environment
- Familiarity with different styles of source control and CI/CD pipeline
- Experience with database technologies such as Oracle, Mongo, MySQL, MSSQL, Hadoop and NoSQL
- Proven risk assessment and mitigation skill
- Personal development and career growth with exciting and challenging tasks
- The significant contribution to your professional portfolio
- Opportunity to improve company’s process and implement your ideas
Why people want to work with us
We provide lots of career growth opportunities to our employees, which is reflected both financially and reputably.
We support peer assistance in the workplace and hold mentorship programs like IT Talks and in-house courses for various positions.
No need to look for a new job if you want to master new technology or another position. We’ll help you with your transition within QArea.
Our projects belong to a wide variety of industries, which will make your professional background more diverse.
Cozy & fun
We have four spacious R&D offices that have everything necessary for a comfortable work environment: a gym, yoga mats, sweets, foosball, VR set, etc.
We never turn hierarchy against our employees. People are the most valuable asset of QArea which is reflected in how we treat our team.
Our Hiring Process
We respect our candidates and value their personal time, which i s reflected in how we optimized our recruiting and hiring processes over time.
Send your CV
Apply for a job by sending us your CV or a link to your LinkedIn profile.
Our recruiter will get back to you if your resume meets our requirements in order to introduce you to the role.
You will meet a few of your potential colleagues to talk about your skills, background, and expectations in detail.
We’ll negotiate a small test task with you, if necessary. Depending on the project and position, this may be followed by an interview with our client.
By deciding we are a good match for each other, we’ll agree the terms of you starting your career at QArea.
Apply for a job
Your message successfully sent.