Tranzeal IncorporatedRemote
Sr. Application Security Engineer
United States of America
Contract
3 weeks ago
H1B Sponsor Likely
Key skills
JavaScriptJavaGraphQLServiceNowOWASPPenetration Testing
About this role
Tranzeal Incorporated is seeking an Application Security professional with extensive experience in triaging and validating security vulnerabilities. The role involves assessing exploitability and risk, reviewing code, and coordinating remediation efforts with engineering teams while preparing technical security assessments for various audiences.
Responsibilities:
- Reproducing customer-reported issues
- Assessing exploitability and risk
- Reviewing JavaScript/Java code
- Coordinating remediation with engineering teams
- Preparing technical security assessments for both technical and executive audiences
Requirements:
- 10+ years in Application Security, Product Security, Penetration Testing, or Bug Bounty triage
- Strong understanding of OWASP Top 10, SSRF, IDOR, SQLi, XSS, GraphQL, privilege escalation, and server-side injection vulnerabilities
- Experience with ServiceNow platform security concepts including ACLs, scoped apps, business rules, REST APIs, and GlideRecord/Table API
- Ability to reproduce vulnerabilities in lab environments and validate fixes
- Strong JavaScript and Java code review/debugging skills
- Experience with CVSS scoring and technical security reporting
- Advanced ServiceNow development/security experience
- Customer-facing security support experience
- Familiarity with HackerOne or Bugcrowd
- Security certifications such as OSCP, GWAPT, or GWEB