Key skills
Web application developmentSecure SDLCDASTSASTWeb application penetration testingSecure codingSource code analysisTechnical certificationcommunication skillsProblem-solvingTeam playerPythonJava.NETSDLCCommunicationPenetration Testing
About this role
Fragomen is seeking a Security Engineer – Application Security to join their talented Cyber Security team in the Technology Innovation Lab in Pittsburgh. The role focuses on building a strong AppSec program, securing software development, identifying threats, and mitigating vulnerabilities throughout the environment.
Responsibilities:
- Build, deploy and maintain tooling to validate and track security controls in and around our code
- Work closely with application development and infrastructure architectural teams to create code which is secure by design and default
- Triage programmatic source code findings and automate penetration testing to decrease potential introduction of vulnerabilities
- Lead and collaborate with developers on secure coding techniques and threat modeling
- Contribute to vulnerability detection and remediation of technological offerings
- Deploy developed or OTS security applications to support our efforts
- Participate in a cross-functional response to cyber security incidents
- Work closely the security team to establish prevention, detection and mitigation techniques
- Support the scoping and rules of engagement of our penetration testing regime
Requirements:
- 5+ years of web application development (.net, python, java, etc.)
- Secure SDLC (Software Development Life Cycle), DAST (Dynamic Application Security Testing), and SAST (Static Application Security Testing) experience
- Demonstrated understanding of web application penetration testing, secure coding and source code analysis
- Strong, professional communication skills that maintain under pressure
- Experience in developing highly automated detection and triage tools
- Deep understanding of cyber security techniques
- Technical certification demonstrating technical prowess in secure software development e.g. Certified Secure Software Lifecycle Professional (CSSLP), or Certified Application Security Engineer (CASE) or similar
- BA degree in a related field or a combination of related experience is a must