54 applicants

Company

Original Job Post

Branch · 5 days ago

Senior Application Security Engineer

New York, NY

Full-time

Hybrid

Senior Level

$182K/yr - $232K/yr

5+ years exp

Wonder how qualified you are to the job?

Maximize your interview chances

App MarketingMobile Advertising

Comp. & Benefits

Insider Connection @Branch

Discover valuable connections within the company who might provide insights and potential referrals, giving your job application an inside edge.

Responsibilities

Work with the engineering team to assess current secure SDLC processes and make recommendations on security best practices.

Collaborate with the security team on developing and implementing the Security Champions program.

Demonstrate subject matter expertise in AppSec, DAST, SAST, SCA/SBOM, OWASP Top 10, API Security and other relevant areas.

Identify tools for code scanning and work with Engineers on procedures for code testing.

Respond to vulnerabilities from our bug bounty program and drive remediation with Engineering teams.

Work with Engineering and Product teams on identity and access management to systems and tools to ensure principle of least privilege.

Assist with the sales enablement process and participate on customer calls to address remediation efforts.

Participate in compliance efforts such as SOC2, ISO, and HIPAA/HITRUST audits.

Educate the Engineering team on secure coding practices and procedures.

Qualification

Find out how your skills align with this job's requirements. If anything seems off, you can easily click on the tags to select or unselect skills to reflect your actual expertise.

Application SecurityInfrastructure SecuritySecurity OperationsAPIs SecurityVulnerability ScanComplianceThreat DetectionOWASP Top 10Web App SecurityAppSecSASTDASTSCAAPI GatewaysMicroservicesCloud ComponentsMobile Application DevelopmentSDKsSecurity TestingServer-Side SDKsAPI Security TestingOWASP Top 10 for Web App & APIsOpenAPIREST APIsProblem-SolvingCommunicationInfluenceProgrammingIntegrationDeep Linking Technologies

Required

At least 5+ years experience as a Security Engineer focusing on application security, infrastructure security, or security operations.

Bachelor's / master’s degree in computer science, Computer Engineering, (or equivalent experience).

Experience in the following domains: APIs Security, Vulnerability Scan, compliance and threat detection, OWASP Top 10 API Security, Web App Security, AppSec, SAST, DAST, and SCA (Software composition analysis).

Experience with different enterprise components to publish and use APIs (e.g., API Gateways, Microservices, Cloud Components).

Experience with Mobile application development and SDKs.

Experience with security testing for server-side SDKs.

Experience with API security testing, vulnerability scan and compliance reporting.

Experience with OWASP Top 10 for Web App & APIs.

Experience with OpenAPI, and other common formats for organizing and functionally testing REST APIs.

Excellent analytical, written, and verbal communication skills – capable of explaining complex requirements in simple words.

Comfortable with conflicts and capable of influencing cross-functional teams.