Mindlance is a company focused on application security, and they are seeking an Application Security Engineer to support development teams with vulnerability analysis and secure coding guidance. The role involves automating security processes, onboarding applications into scanning workflows, and documenting technical findings for stakeholders.
Responsibilities:
- Analyze vulnerabilities identified through scanning, prioritizing remediation based on risk
- Develop and maintain custom scripts to automate security processes and enhance scanning capabilities
- Consult with development teams to provide secure coding guidance and assist with remediation strategies
- Document findings, create actionable reports, and communicate technical details effectively to stakeholders
- Deploy and configure container scanning tools to ensure secure containerized environments
- Onboard applications into DAST scanning workflows, ensuring proper configuration and coverage
- Configure and troubleshoot DAST scans, resolving issues related to application accessibility and scan accuracy
- Review and validate SAST and SCA findings, confirming or rejecting false positives and “mitigated by design” claims from development teams
Requirements:
- Strong experience with application security tools: DAST (e.g., Burp Suite, OWASP ZAP), SAST (e.g., Checkmarx, Veracode), and SCA (e.g., Black Duck, Snyk)
- Hands-on experience with container security and deployment of scanning tools (e.g., Wiz, Prisma, Aqua Security)
- Proficiency in scripting languages (Python, Bash, or PowerShell) for automation and tool integration
- Deep understanding of the secure software development lifecycle (SDLC) and common vulnerabilities (OWASP Top 10)
- Ability to troubleshoot complex scanning issues and optimize configurations for accuracy and performance
- Strong analytical skills for vulnerability triage and risk prioritization
- Excellent communication skills for consulting with development teams and explaining technical findings
- Bachelor's degree