Senior Application Security Engineer - NextPay Metro Manila / Remote

Listing Description

About the job

The Senior Application Security Engineer is responsible for conducting regular vulnerability assessment and penetration testing to identify potential vulnerabilities in NextPay. The candidate will collaborate with other cybersecurity team members and other departments to remediate vulnerabilities.

What you gotta do…
  • Work with the Product, Engineering, and Infrastructure teams to provide security-focused best practices
  • Improve upon and further integrate the Secure Software Development Lifecycle (S-SDLC) into product design and engineering efforts
  • Handle customer-related questions and concerns around application security, vulnerabilities, etc.
  • Perform regular vulnerability assessments and penetration tests
  • Maintain up-to-date knowledge of the Infosec industry
  • Conduct internal security training and awareness sessions as part of a regular knowledge-transfer initiative
  • Execute internal social engineering tests to assess employees' knowledge of security threats and vulnerabilities
  • Author technical and quality penetration test reports and provide detailed remediation guidance for each finding
  • Act as a subject matter expert on application security domains involving web, mobile, and desktop platforms
  • Assist with code reviews during PR to proactively identify potential vulnerabilities and prevent future ones

Our ideal candidate has…
  • 5+ years of technical experience in Application Security and/or Penetration Testing
  • Familiarity with SANS 25 and OWASP Top 10 for Web, API, and Mobile Security Risks
  • Experience with Infrastructure Security
  • Experience with threat modeling and handling vulnerability reports
  • Experience with open source or commercial webapp pen testing tools
  • Development experience with the following languages and/or frameworks: JavaScript, Bash and Python.
  • Knowledge of a variety of cybersecurity frameworks and standards, as well as implementation experience in at least one (e.g., ISO/IEC 27001, PCI DSS, etc.)
  • Strong communication, teamwork, organization, and interpersonal skills, and the agility to work on any security-related area as needed
  • Completed an academic or professional qualification in cybersecurity or a related field. If not, must be certified in one or more of the following: OSCP, OSEP, OSWE, OSCE, GWAPT, GPEN, PNPT, eWPTXv2, eMAPT, eCPPTv2, eCPTXv2

Listing Details

    • Citizenship: Not Provided
    • Incentives: Not Provided
    • Education: Not Provided
    • Travel: Not Provided
    • Telework: Not Provided



    About Us

    NinjaJobs is a community-run job platform developed by information security professionals. Our unique approach of focusing strictly on cybersecurity positions allows us to personalize the user experience.

    Our Contacts

    1765 Greensboro Station Pl.
    Suite 900
    Tysons Corner Va 22102

    (703) 594-7765