Application Security Engineer

Location: Palo Alto, CA
Date Posted: 06-06-2017
Our client is seeking an Application Security Engineer II who would report to the Manager of Application Security. The ideal candidate will have strong communication skills, in-depth knowledge of application security in both web and mobile, and enjoy finding vulnerabilities and “breaking code.” You will be responsible for performing penetration tests to identify vulnerabilities, working closely with developers, and implementing security solutions that scale.

What you'll be doing:

    • Perform code reviews and remediation on identified issues
    • Perform application penetration and security functional testing
    • Develop automation and processes to identify security flaws in code

Your background and who you are:

    • BA/BS in Computer Science or a related field, or equivalent experience
    • Relevant experience in an Application Security related field
    • Have experience with web proxies, traffic manipulation, authentication bypass, and bizarre edge cases
    • Strong and well-rounded background in host and application security
    • Experience with applied cryptography including PKI, SSL, key management and SSH identities
    • Experience with financial or sensitive applications and web services-based applications, especially at massive scale
    • Working knowledge of network protocols and web-related protocols (TCP/IP, REST, HTTP, HTTPS, IPsec)
    • Understanding of techniques for distributed authentication and identity management
    • Experience performing application penetration testing
    • Proficient in C/C++, Python, PHP, MySQL
    • Skilled at use of reverse-engineering tools like IDA Pro or equivalent alternatives
    • Passionate about information security

Bonus Points:

    • Extensive knowledge of internet security issues and threat landscape
    • Experience in application security related field (code reviews, application penetration testing, security engineering)
    • Familiar with tools such as SIEM, WAF, IDS, vulnerability scanners, etc.
    • Familiar with manual interception proxies such as Burp, Fiddler, or ZAP