Listing Description
Application Security Engineer - Remote
Fanatics is looking for an Application Security Engineer to join our Information Security team. This position will partner with our cross-functional engineering teams to continually improve product security by incorporating security in all phases of the software development life cycle, and by developing and identifying tools to support automation of the development and delivery (CI/CD) pipeline. Information Security team members are given a great deal of autonomy in the pursuit of keeping Fanatics secure. A successful candidate will demonstrate strong communication skills and is expected to be comfortable and effective working independently and as part of a larger, highly distributed team.
We're looking specifically for folks who place an emphasis on usable security. Fanatics is a fast-growing company and our security program needs to be able to keep pace with that growth while not disrupting innovation.
Skills:
- In-depth knowledge of web and mobile security vulnerabilities, attack vectors and mitigation techniques
- Demonstrated security experience in Cloud (AWS) and Mobile (iOS and Android) platforms
- Experience with multiple programming languages (Java, JavaScript, Go, Python, Ruby, Objective-C, C#, PHP) with hands-on, expert-level coding experience with at least one scripting and one object-oriented programming language
- Fluent in security testing with SAST, DAST, fuzzing and penetration testing tools
- Good understanding of application security standards such as OWASP ASVS/Top 10 and CWE 25
- Knowledge of DevSecOps to maintain security in the CI/CD pipeline
- Solid experience with security tools like Checkmarx, Burp Suite, Nessus, QualysGuard
- Familiar with tools like Git, Jenkins, CircleCI, Maven, Ant, Gradle, Nexus, SonarQube, Artifactory, Chef, Splunk
- Experience with microservices, container deployment and service orchestration
- Strong knowledge of cryptography, API security, secret management, infrastructure hardening, network security, identity and access management
- Ability to clearly and effectively communicate concerns and issues to management and engineers
Experience:
- A minimum of 5 years of software engineering with at least 3 years of application security experience
- CS degree in related field or an equivalent 4 years of work experience related to application or product security
- Demonstrated experience in developing, documenting and maintaining security applications/tools and procedures/standards
- Establish security best processes and practices for our mobile, on-premise and cloud-based platforms
- Provide expert knowledge and guidance to the product teams about security vulnerabilities and remediation controls
- Implement secure Software Security Development Lifecycle processes and software maturity model
- Perform architectural risk analysis and threat modeling, secure design and source code review
- Conduct security assessments, security testing and validation of vulnerability scan results
- Incorporate security tools/tasks to automate product development and deployment
- Establish supply chain security process and ensure 3rd party software meets the standards
- Mentor and train development teams on secure coding standards and techniques
Listing Details
- Citizenship: No Requirements
- Incentives: Both
- Education: High School Diploma
- Travel: Travel 25
- Telework: Full Telecommute