(Permanent Job) Java Application Security Engineer - 100% Remote

  • Central Ave, San Francisco, CA, USA
  • Full-time

Job Description

This is a direct-client opening for an Application Security Engineer located in San Francisco, CA. This is a full-time position.

Our client is looking for an Application Security Engineer who brings extensive experience with Java/J2EE programming. We are looking for someone who can audit and review code and provide recommendations on best practices related to application security.

We are looking for someone who is proficient with one or more of the following tools: SD Elements, Checkmarx Static Scanner, AquaSec Docker Container Scanner, Synopsys Seeker IAST OWASP Vulnerability Validation Suite, and Qualys Vulnerability Scanner.

Responsibilities:

This position is a Senior individual contributor role in our Application Security team. The team delivers application security frameworks and general framework guidance for our company.
You will be developing security software for our Cloud, and providing the next generation of real time Application security software to protect our site from attacks. 
The position requires good understanding of architecture, design and coding in multiple application security platforms and framework functions. 
Successful candidates will be familiar with delivering application security solutions on platforms transitioning to host-based security with Layer 7 encryptions from firewall based protections. 
Lead cross functional teams to complete projects and major initiatives using judgment and growing experience. Collaborate with Cloud, IT, Engineering, and Operations architects to understand the solution architecture and then fully articulate the security design of the platform.
Conduct application development and deployment methodologies, processes, and testing automation. Develop policy and operational processes to ensure high availability and service of entire technology stack, from front-end web traffic to back-end big-data infrastructure.
Help to design and build distributed systems and reliable, fault tolerant software.
Help to design and build HA production-grade solutions on virtualized and cloud based environments. 
Work in a team environment.

Qualifications:

Master’s degree, or foreign equivalent, in Computer Science, Engineering or closely related quantitative discipline and seven (7) years of large scale, full life cycle development experience (if Masters in Engineering) or 9 + years (if Bachelors in Engineering), preferably 3+ years as a lead engineer.
3 + years in Java programming implementing large scale, high availability, fault-tolerant web infrastructure, with clear concept of concurrency in Java, Java security APIs, features and performance
Excellent communication and interpersonal skills.
Ability to thrive in a high-pressured environment and crisis situations.
Ability to multitask across multiple projects at once and drive for results independently.

Special Skill Requirements:

Experience must include the following:
Java, Python, NodeJS, Spring, Apache, Tomcat, JSON, XML, and JBoss
Open Source PaaS frameworks such as Pivotal Cloud Foundry, Cloudify or OpenShift
GCP, AWS and Azure cloud services such as Openstack and KVM
Mobile and Native application development familiarity
React/CSS/HTML/JS development
VMWare, Hyper-V, Docker, Kubernetes
The application of threat modeling or other risk identification techniques
SD Elements, Checkmarx Static Scanner, AquaSec Docker Container Scanner, Synopsys Seeker IAST OWASP Vulnerability Validation Suite, and Qualys Vulnerability Scanner
Deployment and Management, CI/CD integration, Jenkins, Concourse, and BOSH
Strong understanding of application security patterns including web application security (OWASP Top 10, XSS, injection vulnerabilities, CSRF, platform security hardening), and mobile security (device fingerprinting, mobile authentication and key exchange) strategies.
Strong knowledge of industry trends in security technology
Expertise in developing and implementing one or more of the following: Identity and Access Management, SSO, SAML, Open ID, OAuth2 or 2FA technologies.

Please complete the below skills-matrix and send back with your most updated resume

Full Name:
Total Experience as an Applications Security Engineer:

Total Experience with Java:

Total Experience with OpenSource PaaS frameworks:

Total Experience with Cloud Services such as Google Cloud, AWS or Azure:

Total Experience with 1 or more of the following (SD Elements, Checkmarx Static Scanner, AquaSec Docker Container Scanner, Synopsys Seeker IAST OWASP Vulnerability Validation Suite, and Qualys Vulnerability Scanner):

Total Experience with Mobile Security:

Total Experience with Identity and Access Management, SSO, SAML, Open ID, etc:

Expected Salary:
What is the link to your Linkedin Profile?
What is the best phone number to reach you at?
Current City/State:
Availability:
Work Status (US Citizen, Green Card, etc.):

Additional Information

All your information will be kept confidential according to EEO guidelines.