Listing Description
• Work closely with application development and platform teams.
• Participate in, champion, and help ensure security throughout the software lifecycle:
o Conception & Definition, Design, Implementation, Deployment & Operation
• Participate in and help refine the Secure Software Development Lifecycle.
• Work with stakeholder teams to formulate and implement a strategy for software security that is tailored to the specific risks facing the application, software, and environment including:
o Secure Design Consulting
o Secure Coding Consulting
o Threat modeling
• Proficient in at least one of the following development languages: C++, Java, JavaScript, or Python.
• Proficiency with basic Linux privilege and permission models, administrative and operational concepts, and basic scripting.
• Basic understanding of orchestration and automation tools, including at least one of Ansible, Chef, Puppet, Terraform, or SaltStack.
• Possess a strong understanding of application architectural patterns, such as MVC, Microservices, Service Oriented Architecture, Serverless, Message bus/event driven, etc.
• Organized and capable of executing complex plans with minimal direction.
• Possess strong business acumen with the ability to work with application development, QA, and security teams.
• Possess a restlessness and desire to break and break into things.
• Knowledge of common attacks and vulnerabilities, including the OWASP Top 10 and the SANS/CWE Top 25.
• Strong self-starter who has the ability to operate independently.
• Excellent oral and written presentation skills and a high proficiency in written and spoken English.
• Develop and maintain a balanced application security program based on a well-defined application security framework.
• Assess the security of the applications, software, and operational components, including:
o Participate in relevant design and code reviews.
o Assist with development and review of test plans to ensure effective security coverage.
o Conduct application security assessments.
o Conduct internal penetration tests.
o Coordinate external penetration tests.
o Assist teams with mitigating findings, including assessment of impacts, possible solutions, and efficacy of remedies.
• Assist with implementation and integration of tools and processes for security testing, including:
o Static Application Security Testing (SAST)
o Dynamic Application Security Testing (DAST)
o Vulnerability Information Feeds
o Code Reviews
• Participate in the larger secure software practices via the Application Security (AppSec) Guild:
o Ensure application design and implementation follow best practice, including role-based and appropriately scoped access standards.
o Promote common and secure approaches for integration with Identity and Access Management (IAM) environments.
o Assist with compliance with statutory, regulatory, and industry standards for application security.
• Continuously evaluate the organization's existing application security practices; define and measure security-related activities.
Listing Details
- Salary: $90000 - $110000
- Citizenship: No Requirements
- Incentives: Bonus
- Education: No Requirements
- Travel: No Travel
- Telework: No Telecommute