Application Security Engineer

GuidePoint Security is a company specializing in security solutions, and they are seeking an Application Security Engineer. The role involves implementing and troubleshooting security tools, understanding CI/CD processes, and ensuring secure coding practices throughout the software development lifecycle.

Responsibilities:

• Proficiency with the implementation, operationalization, and troubleshooting of Black Duck and Checkmarx
• Understanding of Continuous Integration / Continuous Delivery (CI/CD) pipeline tools and processes (e.g. GitHub Actions, GitLab Runners, Azure DevOps, Jenkins, CircleCI, etc.)
• Experience in software engineering, ideally full stack software development, including modern technologies and application architectures
• Strong scripting and automation experience using one or more programming languages
• Solid working knowledge of application security fundamentals including the OWASP Top 10, threat modeling, and implementing secure coding practices throughout the Software Development Lifecycle (SDLC)
• Excellent written and verbal communication skills
• Proficiency with the implementation, operationalization, and troubleshooting of other Static Application Security Testing (SAST) tools such as Semgrep, CodeQL, Veracode, etc
• Experience writing or adapting custom SAST rules (Semgrep or CodeQL)
• Familiarity with additional Application Security tools (e.g. Interactive (IAST), Dynamic (DAST) and API security, SCA, etc.)
• Familiarity with API Security tools (e.g., NoName, Traceable, Salt, Cequence)
• Practical hands-on experience validating vulnerabilities and proficiency with Burp Suite
• Strong working knowledge of Secure Development Lifecycles and experience triaging and remediating technical vulnerabilities identified by web application scanning tools
• Understanding of automated security testing approaches and tools
• Experience in building and operating security tools within CI/CD pipelines
• Experience with proactive integration of security into the development process
• Past experience as an application security practitioner or software engineer

Requirements:

• Proficiency with the implementation, operationalization, and troubleshooting of Black Duck and Checkmarx
• Understanding of Continuous Integration / Continuous Delivery (CI/CD) pipeline tools and processes (e.g. GitHub Actions, GitLab Runners, Azure DevOps, Jenkins, CircleCI, etc.)
• Experience in software engineering, ideally full stack software development, including modern technologies and application architectures
• Strong scripting and automation experience using one or more programming languages
• Solid working knowledge of application security fundamentals including the OWASP Top 10, threat modeling, and implementing secure coding practices throughout the Software Development Lifecycle (SDLC)
• Excellent written and verbal communication skills
• Bachelor's degree in a relevant discipline or equivalent experience
• 3-5 years of security engineering experience in the Information Security industry
• Proficiency with the implementation, operationalization, and troubleshooting of other Static Application Security Testing (SAST) tools such as Semgrep, CodeQL, Veracode, etc
• Experience writing or adapting custom SAST rules (Semgrep or CodeQL)
• Familiarity with additional Application Security tools (e.g. Interactive (IAST), Dynamic (DAST) and API security, SCA, etc.)
• Familiarity with API Security tools (e.g., NoName, Traceable, Salt, Cequence)
• Practical hands-on experience validating vulnerabilities and proficiency with Burp Suite
• Strong working knowledge of Secure Development Lifecycles and experience triaging and remediating technical vulnerabilities identified by web application scanning tools
• Understanding of automated security testing approaches and tools
• Experience in building and operating security tools within CI/CD pipelines
• Experience with proactive integration of security into the development process
• Past experience as an application security practitioner or software engineer