SAS is a leader in data and AI, inspiring customers worldwide to transform data into intelligence. The Application Security Engineer will be responsible for ensuring the security of internally used applications by collaborating with various teams to enhance the application security program.
Responsibilities:
- Coordinate with the Secure Design team to ensure new environments/applications align with expected compliance levels
- Provide guidance to development teams on security design, threat modeling, and resolution of security vulnerabilities
- Advise on potential compensating and mitigating controls to reduce risk
- Triage security findings received through a public bug bounty program, communicating with both the developers and independent security researchers
- Perform application security assessments and web application security assessments on both internal and external web applications and web services
- Interpret and triage results from web application assessments
- Assess Azure and AWS cloud offerings to ensure usage aligns with security best practices
- Assess applications for potential migration from on-prem to cloud
- Help research and define security benchmarks, guidelines, and processes
- Embrace curiosity, passion, authenticity and accountability
Requirements:
- US Citizen
- 5+ years of experience in Information Technology
- Bachelor's degree in computer science or related quantitative field
- Experience with web-based architectures and applications
- Familiarity with industry standards for application security
- Familiarity with common application security testing techniques (DAST, SCA, SAST, IAST) and vulnerability management tooling
- Equivalent combination of related education, training and experience may be considered in place of the above qualifications
- Continuous Improvement: Originating action to improve existing conditions and processes; identifying improvement opportunities, generating ideas, and implementing solutions
- Decision Making: Identifying and understanding problems and opportunities by gathering, analyzing, and interpreting quantitative and qualitative information; choosing the best course of action by establishing clear decision criteria, generating and evaluating alternatives, and making timely decisions; taking action that is consistent with available facts and constraints and optimizes probable consequences
- Influencing: Using effective involvement and persuasion strategies to gain acceptance of ideas and commitment to actions that support specific work outcomes
- Familiarity with DevSecOps
- Familiarity with API Security best practices
- Experience with container and Kubernetes security
- Experience with Azure or other commercial clouds
- Familiarity with various programming languages to assist with peer review (Java, Python, Golang)
- Relevant security certifications such as CISSP, CSSLP, GPEN, GWAPT, OSCP
- Familiarity with industry standard authentication and authorization (OAuth, Okta, Microsoft Entra)