Scalence L.L.C. is seeking an Application Security Engineer to play a crucial role in safeguarding applications. The position involves managing security processes, consulting with development teams, and ensuring the integrity of scanning operations.
Responsibilities:
- Analyze vulnerabilities identified through scanning, prioritizing remediation based on risk
- Develop and maintain custom scripts to automate security processes and enhance scanning capabilities
- Consult with development teams to provide secure coding guidance and assist with remediation strategies
- Document findings, create actionable reports, and communicate technical details effectively to stakeholders
- Deploy and configure container scanning tools to ensure secure containerized environments
- Onboard applications into DAST scanning workflows, ensuring proper configuration and coverage
- Configure and troubleshoot DAST scans, resolving issues related to application accessibility and scan accuracy
- Review and validate SAST and SCA findings, confirming or rejecting false positives and "mitigated by design" claims from development teams
Requirements:
- Applicants must be able to work directly for us on a W2 basis
- Strong experience with application security tools such as DAST (e.g., Burp Suite, OWASP ZAP), SAST (e.g., Checkmarx, Veracode), and SCA (e.g., Black Duck, Snyk)
- Hands-on experience with container security and deployment of scanning tools (e.g., Wiz, Prisma, Aqua Security)
- Proficiency in scripting languages like Python, Bash, or PowerShell for automation and tool integration
- Deep understanding of the secure software development lifecycle (SDLC) and common vulnerabilities (OWASP Top 10)
- Ability to troubleshoot complex scanning issues and optimize configurations for accuracy and performance
- Strong analytical skills for vulnerability triage and risk prioritization
- Excellent communication skills for consulting with development teams and explaining technical findings
- Experience integrating security tools into CI/CD pipelines
- Familiarity with cloud-native security (AWS, Azure, GCP) and container orchestration (Kubernetes)
- Exposure to DevSecOps practices and security automation frameworks
- Relevant certifications such as OSWE, GWAPT, or CISSP