COMPLY · 1 week ago
Application Security Engineer
Business Development, Compliance
Responsibilities
Conduct security assessments, code reviews, and penetration testing of web and mobile applications to identify vulnerabilities and weaknesses.
Develop and implement security controls, including authentication mechanisms, encryption methods, access controls, and logging mechanisms.
Collaborate with software development teams to integrate security best practices throughout the software development lifecycle (SDLC).
Work closely with DevOps teams to automate security testing and incorporate security into CI/CD pipelines.
Monitor and analyze security alerts and incidents, investigate root causes, and implement corrective actions.
Stay up-to-date with the latest security threats, vulnerabilities, and industry trends, and proactively recommend security enhancements.
Provide security guidance and support to development teams, including training on secure coding practices and threat modeling.
Participate in security incident response activities, including incident detection, containment, and recovery.
Assist in the development and maintenance of security policies, standards, and procedures.
Collaborate with internal teams and external partners to ensure compliance with regulatory requirements and industry standards (e.g., CPRA, GDPR, SOC2).
Work closely with Engineering stakeholders and contracted pen testers to see the pen test and vulnerability scanning through from kick-off to completion on a regular basis.
Qualification
Required
Bachelor’s degree in Computer Science, Information Systems, Information Security, or a related field.
2-4 years of professional experience in application security, including hands-on experience with security testing tools and techniques.
Strong understanding of web application security principles, including OWASP Top 10 vulnerabilities.
Proficiency in programming languages such as C#, PHP, Python, with the ability to understand and review code for security issues and vulnerabilities.
Experience with security testing tools such as Burp Suite, Snyk, etc.
Knowledge of secure coding practices, cryptographic protocols, and secure software design principles.
Familiarity with cloud computing platforms (e.g., AWS, Azure, GCP) and containerization technologies (e.g., Docker, Kubernetes).
Excellent communication skills, with the ability to effectively communicate complex security concepts and principles to technical and non-technical stakeholders.
Strong analytical and problem-solving skills, with a proactive and results-oriented mindset.
Preferred
Relevant security certifications such as CEH, CISSP, or OSCP are a plus.
Company
COMPLY
COMPLY provides resources and consultation services on technical and professional skills for the compliance industry.
H1B Sponsorship
COMPLY has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Additional information is presented below for your reference. (Data powered by US Department of Labor)
Distribution of Different Job Fields Receiving Sponsorship
Trends of Total Sponsorships: 2020 (1)
Funding
Current Stage: Growth Stage
Company data provided by Crunchbase