APPLICATION SECURITY ENGINEER RESPONSIBILITY :
• Conduct white box and black box security scan, harden systems and application platform • Develop scripts to automate systems hardening and security vulnerability assessment
• Maintain security test suite in QA build
• Optimize system performance and reliability to enhance user experience.
• Conduct code reviews to ensure code quality and securityWork with Software Quality Engineer on system integration testing
• Work with Software Quality Engineer to manage defect life cycle
• Work with Software Quality Engineer to improve testing processes and tools
• Take on secondary role as an Application Performance Engineer or Software Quality Engineer
• Collaborate with cross-functional teams to enhance security in the development pipeline
EXPERIENCE AND SKILLS NEEDED :
• Min 2 years of experience in application security vulnerability assessment, analysis and remediation
• Experience in agile development environment will be an added advantage
• Experience with continuous integration and continuous delivery, using Gitlab or other similar tools will be an added advantage
• Experience in public cloud providers such as GPC, GCC (i.e. AWS, Azure, Google Cloud) will be an added advantage
• Experience with OWASP ZAP, Burp Suite, SQL Map, Nessus, Nmap, Fortify WebInspect or equivalence will be an added advantage.
• Experience with Checkmarx or equivalence will be an added advantage
• Certified Secure Software Lifecycle Professional (CSSLP), Certified Ethical Hacker (CEH), Certified Information Systems Security Professional (CISSP) or equivalence will be an added advantage
• Experience using Dynamic Application Security Testing (DAST) Tools such as ZAP, Burp Suite, Micro focus WebInspect or equivalence will be an added advantage.
• Experience using Static Application Security Testing (SAST) Tools such as Micro focus Fortify, Checkmarx or equivalence will be an added advantage.
• Security testing-specific certifications such as Offensive Security Certified Professional (OSCP), GIAC Certified Penetration Tester (GPEN), GIAC Web Application Penetration Tester (GWAPT), CREST Registered Penetration Tester (CRT) or equivalence will be an added advantage.
• Risk management-specific certifications such as Certified Secure Software Lifecycle Professional (CSSLP), Certified Information Systems Security Professional (CISSP) or equivalence will be an added advantage
• Degree or Diploma in Computer Science, Computer or Electronics Engineering, Information Technology or related disciplines.