Level 4 Application Security Engineer

The Application Security Engineer will assist Asurion in developing secure products by providing best-in-class application security services to the product development organization. This role is responsible for proactively working with our product team to build secure software, validating code level compliance with security standards, assessing applications and services for weaknesses, and working with our development teams to correct security defects.

Essential Duties and Responsibilities:

Provide application/product security guidance to globally distributed product development organization.

Advise and educate development teams with respect to application security best practices, security automation within the SDLC, and the proper use of application security products and services.

Perform application security assessments of internally developed products and systems, covering architecture, design, and implementation.

Build threat models for and perform architectural risk assessments of internally developed products and systems.

Perform automated and manual security code reviews.

Build and maintain positive and productive working relationships with product development teams and individuals.

Provide assistance in response to product security incidents where application / product security expertise is required.

Participate in blameless postmortems and retrospectives in effort to improve security of products / systems.

Develop security assessment scripts and frameworks.

Develop applications and/or scripts as needed to support product security tooling, automation, or other day-to-day work.

Continuously learn and keep abreast of the latest technical developments in the application/product security and cloud security spaces.

Perform research into and present on relevant security technology, practices, and threats.

Work closely with a small team of application security and penetration testing staff, in conjunction with product development, to ensure company products and services withstand foreseen and reasonable attacks.

Here's what you'll bring to the team:

Bachelor's Degree in Computer Science, Software Engineering, Computer Engineering, Electrical Engineering, Electronics Engineering, or related field

4+ years of experience as a software engineer/developer in a product development organization with a focus application security, specifically reviewing code, identifying security defects, and working with developers to make the appropriate corrections.

2+ years of hands-on, experience in application security reviewing, assessing, and providing guidance to product development teams.

Knowledge of application security vulnerabilities and best practices including OWASP & SANS identified common security coding flaws, a general understanding of threat modeling, and automated & manual static security code analysis.

Experience with application security scanning tools including SAST, SCA, and DAST; Familiarity with GitHub Advanced Security is a plus.

Demonstrable knowledge of coding in two or more of the following: C#, Java, JavaScript, Python, or SQL.

Knowledge of authentication & authorization techniques, public cloud security, and cryptography.

Strong analytical and problem-solving skills.

Excellent communication (oral, written, presentation) skills.

Penetration testing experience is desirable.

GWEB highly desirable; GWAPT, GXPN, OSCP, OSCE, OSWE, OSEE certifications also desirable.