Fragomen is seeking a Security Engineer – Application Security to join their talented Cyber Security team in Pittsburgh. The role involves building and maintaining security tools, collaborating with development teams to ensure secure coding practices, and leading efforts in vulnerability detection and remediation.
Responsibilities:
- Build, deploy and maintain tooling to validate and track security controls in and around our code
- Work closely with application development and infrastructure architectural teams to create code which is secure by design and default
- Triage programmatic source code findings and automate penetration testing to decrease potential introduction of vulnerabilities
- Lead and collaborate with developers on secure coding techniques and threat modeling
- Contribute to vulnerability detection and remediation of technological offerings
- Deploy developed or OTS security applications to support our efforts
- Participate in a cross-functional response to cyber security incidents
- Work closely with the security team to establish prevention, detection and mitigation techniques
- Support the scoping and rules of engagement of our penetration testing regime
Requirements:
- 5+ years of web application development (.NET, Python, Java, etc.)
- Secure SDLC (Software Development Life Cycle), DAST (Dynamic Application Security Testing), and SAST (Static Application Security Testing) experience
- Demonstrated understanding of web application penetration testing, secure coding and source code analysis
- Strong, professional communication skills that hold up under pressure
- Experience in developing highly automated detection and triage tools
- Deep understanding of cyber security techniques
- Technical certification demonstrating technical prowess in secure software development, e.g. Certified Secure Software Lifecycle Professional (CSSLP), Certified Application Security Engineer (CASE) or similar
- BA degree in a related field or a combination of related experience is a must