Senior Application Security Engineer with Veracode
Job Title: Senior Application Security Engineer (with Veracode)
Location: Irvine, CA (Local candidates only)
Type: Contract
Job Description:
We are looking for an experienced Senior Application Security Engineer to join our team in Irvine, CA. In this role, you will be responsible for assisting with our application security program and the onboarding of applications to Veracode. As a Senior Application Security Engineer, you will work closely with application teams to ensure secure SDLC controls are implemented and integrated into the delivery pipeline.
Responsibilities:
- Assist in onboarding application teams and applications to Secure SDLC controls (e.g., SAST, DAST) including remediation guidance, issue tracking, and metrics.
- Assist in the integration of security tools (e.g., DAST, SAST, SCA) in the delivery pipeline and the S-SDLC process.
- Provide remediation coaching to development teams on how to build a more secure application, including explanations of risk assessment, e.g., likelihood, impact, and the OWASP Top 10.
- Perform vulnerability assessments and provide recommendations for mitigation strategies.
- Conduct security testing using Veracode SAST, DAST, and Nexus IQ.
- Review and analyze security findings and provide guidance on remediation efforts.
- Collaborate with cross-functional teams to ensure timely and effective resolution of security issues.
- Provide expertise and guidance on security best practices and industry standards.
- Develop and maintain security documentation, including policies, procedures, and guidelines.
Qualifications:
- Bachelor's degree in Computer Science or related field.
- Minimum of 8+ years of experience in application security and vulnerability assessments.
- Experience with Veracode SAST, DAST, and Nexus IQ.
- Strong knowledge of OWASP Top 10 (2013 and/or 2017 Version) vulnerability detection and mitigation.
- Familiarity with .NET or Java is desirable.
- Familiarity with IDEs, e.g., Visual Studio, Eclipse or IntelliJ IDEA.
- Familiarity with ServiceNow, Jira.
- Familiarity with build systems such as Bamboo, Jenkins, or an AWS native build tool.
- Excellent organizational and multitasking skills.
- Strong attention to detail and accuracy.
- Excellent communication and interpersonal skills.
- CISSP, CEH, or other relevant certifications are desirable.
If you are interested in this opportunity, please forward your updated resume along with current contact information to Saran@pashtek.com.