Perform manual and automated application security testing to identify vulnerabilities across the OneStream platform.
Conduct code analysis to assess and ensure the security of application code.
Evaluate the software development lifecycle (SDLC) to identify opportunities to strengthen application and supply chain security.
Partner with Development and Engineering teams to embed security into OneStream services and workflows.
Collaborate with members of the Security team to identify attack patterns and indicators of compromise.
Design, develop, and maintain custom security testing tools to support internal testing efforts.
Define, document, and enforce secure development policies, standards, and procedures.
Provide mentorship and technical guidance to junior members of the Security team to support growth and knowledge sharing.
Document, communicate, and report security findings and risks identified during testing activities.
Perform penetration testing against OneStream assets to validate application and infrastructure security.
Conduct security architecture and design reviews to ensure secure-by-design implementations.
Provide secure design and secure coding guidance to engineering teams throughout the development lifecycle.
Requirements
One of the following education and experience combinations:
Bachelor’s degree in Computer Science, Engineering, or a related field with 8+ years of experience in application security testing, penetration testing, or software development.
Master’s degree in Computer Science, Engineering, or a related field with 3+ years of experience in application security testing, penetration testing, or software development.
Associate degree in Computer Science, Engineering, or a related field with 12+ years of experience in application security testing, penetration testing, or software development.
3+ years of hands-on experience conducting threat modeling for applications and systems and translating findings into actionable remediation guidance.
Experience writing and reviewing C# and .NET code, including secure coding and code review practices.
Hands-on experience performing penetration testing of web applications.
Experience decompiling and reverse engineering .NET libraries.
Broad experience across IT security and infrastructure, security risk management, and compliance frameworks such as SOC 2 and FedRAMP, including security policies, procedures, testing, and audit (including internal audit).
Industry-recognized offensive security or penetration testing certifications, such as Offensive Security Certified Professional (OSCP), GIAC Exploit Researcher and Advanced Penetration Tester (GXPN), GIAC Penetration Tester (GPEN), or other relevant offensive security or penetration testing certifications.
Outstanding written and verbal communication skills, with the ability to clearly explain complex technical concepts to both technical and non-technical audiences.
Highly organized with strong analytical and reasoning skills.
Self-motivated and effective working independently with minimal direction.
Independent thinker with sound judgment and the ability to make well-reasoned decisions.
Ability to think quickly, evaluate trade-offs, and make decisions in fast-paced environments.
Strong prioritization and multitasking skills, with the ability to manage multiple initiatives simultaneously.
Comfortable communicating and collaborating with stakeholders at all levels of the organization, including senior leadership.