App Security Engineer

Responsibilities

Priorities can often change in a fast-paced environment like ours, so this role includes, but is not limited to, the following responsibilities

• Strengthen security and integrity of application and product features, ensuring known exploits are mitigated and potential threats are addressed.
• Work closely within the engineering and development team to identify the best course of action to proactively protect features and implement countermeasures.
• Participate in and support application security reviews and threat modeling, including code review and dynamic testing.
• Own and perform application and product security vulnerability management.
• Support the bug bounty program.
• Facilitate and support the preparation of security releases working closely with engineering and development teams.
• Support and consult with engineering, product and development teams in the area of application security.
• Assist in creation and delivery of application security training program and security champions program.
• Assist in development of automated security testing to validate that secure coding best practices are being used.
• Support both engineering and security operations efforts.

Qualifications And Experience

• BS in Computer Science or related field, or equivalent work experience.
• Minimum of 5-8 years of experience with application security engineering,
• Familiarity with common security libraries, security controls, and common security flaws.
• Development, engineering and scripting experience and skills.
• Experience with OWASP, static/dynamic analysis, and common security tools.
• Minimum of 4 years of experience with any combination of the following: application security, threat modeling experience, secure coding, identity management and authentication, software development, cryptography, system administration and network security.

Nice To Have

• Contributions to the security community such as research, public CVEs, bug-bounty recognitions, open-source projects, and blogs or publications.
• Experience working with teams in multiple geographical locations
• Strong experience in performing penetration tests and/or vulnerability assessments for mobile applications and networks.
• Contributions to the security community such as research, public CVEs, bug-bounty recognitions, open-source projects, and blogs or publications.
• Experience working with teams in multiple geographical locations
• Strong experience in performing penetration tests and/or vulnerability assessments for mobile applications and networks.

Minimum Requirements

• In-depth knowledge with reverse engineering and advanced debugging.
• Ability to identify code vulnerabilities and exploits.
• Strong knowledge with malware detection methods.
• Strong knowledge with mobile app stores and mobile applications distribution processes.
• Strong Java and/or Objective C development skills on mobile titles.
• An in-depth knowledge of security issues (e.g. OWASP Top 10 as well as latest vulnerabilities) is required.
• Proactively collaborating with development teams to encourage smart development that considers security before it becomes an issue
• Collaborate with other security teams to take their findings and develop solutions with development teams
• Provide information to other teams as they communicate with customers about our security solutions
• Advise on MDM solutions, and advocate adherence to Enterprise security policies
• You will be in charge of researching new threats and collaborating with Pen Testing Team to ensure these new threats are being tested
• Review mobile network for potential security risks
• Knowledge of interaction between mobile and web and the security risks that are associated with this relationship
• Evaluate third party security libraries/ solutions