COMPLY is seeking a skilled Application Security Engineer with 2-4 years of experience to join our dynamic team. The ideal candidate will have a passion for ensuring the security and integrity of our applications, protecting sensitive data, and implementing industry best practices to mitigate risks. As an Application Security Engineer, you will play a crucial role in identifying vulnerabilities, designing secure solutions, and collaborating with cross-functional teams to implement robust security measures.
Responsibilities:
- Conduct security assessments, code reviews, and penetration testing of web and mobile applications to identify vulnerabilities and weaknesses.
- Develop and implement security controls, including authentication mechanisms, encryption methods, access controls, and logging mechanisms.
- Collaborate with software development teams to integrate security best practices throughout the software development lifecycle (SDLC).
- Work closely with DevOps teams to automate security testing and incorporate security into CI/CD pipelines.
- Monitor and analyze security alerts and incidents, investigate root causes, and implement corrective actions.
- Stay up-to-date with the latest security threats, vulnerabilities, and industry trends, and proactively recommend security enhancements.
- Provide security guidance and support to development teams, including training on secure coding practices and threat modeling.
- Participate in security incident response activities, including incident detection, containment, and recovery.
- Assist in the development and maintenance of security policies, standards, and procedures.
- Collaborate with internal teams and external partners to ensure compliance with regulatory requirements and industry standards (e.g., CPRA, GDPR, SOC2, etc.).
- Work closely with Engineering stakeholders and contracted pen testers to see the pen test and vulnerability scanning through from kick-off to completion on a regular basis.
Qualifications:
- Bachelor’s degree in Computer Science, Information Systems, Information Security, or a related field.
- 2-4 years of professional experience in application security, including hands-on experience with security testing tools and techniques.
- Strong understanding of web application security principles, including OWASP Top 10 vulnerabilities.
- Proficiency in programming languages such as C#, PHP, Python, with the ability to understand and review code for security issues and vulnerabilities.
- Experience with security testing tools such as Burp Suite, Snyk, etc.
- Knowledge of secure coding practices, cryptographic protocols, and secure software design principles.
- Familiarity with cloud computing platforms (e.g., AWS, Azure, GCP) and containerization technologies (e.g., Docker, Kubernetes).
- Excellent communication skills, with the ability to effectively communicate complex security concepts and principles to technical and non-technical stakeholders.
- Relevant security certifications such as CEH, CISSP, or OSCP are a plus.
- Strong analytical and problem-solving skills, with a proactive and results-oriented mindset.
$100,000 - $120,000 a year
The compensation range for this role is specific to the United States. It takes into account a wide range of factors that are considered in making compensation decisions, including, but not limited to, skill sets, training, licensure and certification, and experience. A reasonable estimate of the base salary range for this role would be $100,000 - $105,000 plus applicable bonus/benefits offerings, etc., as those similarly situated within the Company.
COMPLY is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, disability, sex, sexual orientation, gender identity, or national origin. Nothing in this job posting should be construed as an offer or guarantee of employment.