Application Security Engineer
- Full-time
Job Description
Role: Application Security Engineer
Location: San Francisco, CA (must be local; F2F required)
Job Type: Full Time
This role is responsible for supporting the team through the security development lifecycle by developing best practices, performing scans, managing escalations, designing and implementing security measures, providing supporting documentation, and driving security-related capabilities and tooling.
RESPONSIBILITIES:
• Serve as the expert responsible for tracking and remediating security concerns and preparing action plans for them
• Maintain security roadmaps on security state and top risks across products
• Try to break our systems and APIs to ensure that no one else can
• Perform internal scans, evaluate third party scans, and analyze results
• Conduct security reviews of application architectures to assess technical and business risk, identify threats and vulnerabilities, and propose solutions
• Analyze and replicate attacks using advanced industry tools
• Participate in the software design process to identify threat models and perform design and code reviews
• Work hands-on to improve and extend our security frameworks
• Understand and evangelize industry best practices, and drive internal awareness sessions and workshops
• Keep up to date on latest attack trends and methods, particularly those concerning mobile and web applications
• Develop test plans for security verification and assist development teams with security testing methodologies and tools
QUALIFICATIONS:
• 4+ years of professional software security experience
• 2+ years of experience in application security architecture and design
• Understanding of security concepts of Internet technologies, architectures, and protocols: browsers, cookies, web servers, proxies, firewalls, sockets, TCP/IP, SSL, PKI, X.509, SAML, and OAuth
• Proven understanding of Cryptography and Java Security APIs
• Proficiency in Enterprise Java application architectures and broad knowledge of security-related OSS libraries, such as Spring Security
• In-depth and hands-on experience with application servers and web service standards and technologies (REST / JAX-RS, SOAP)
• Understanding of static code analysis tools such as Fortify
• Experience with relational databases and technologies such as XML / XSL, HTML, JavaScript, JSON, and UNIX / bash
• Awareness of standards relevant to the software industry (e.g. ISO, CMM, Six Sigma)
• BS/BA in Computer Engineering, Computer Science or equivalent combination of education and experience
• Outstanding verbal and written communication skills, as well as excellent analytical, decision-making, problem-solving, organizational and time management skills
• Experience securing iOS or Android apps, or experience working in the Finance Industry, is a plus
Additional Information
All your information will be kept confidential according to EEO guidelines.