remote

Application Security Engineer - Clear Capital

Security Engineer

Application Security Engineer at Clear Capital focuses on testing web, mobile, and microservice applications, reviewing infrastructure and open-source code, and guiding teams on secure coding practices to identify and remediate vulnerabilities.

About the role

As an Application Security Engineer you will perform application security testing on web applications, mobile applications, microservices, infrastructure code, and open source code in order to expose weaknesses in their design and/or configuration that make them susceptible to exploitation.

What You Will Work On

Collaborate with internal teams to define the scope of application security testing activities, including the number and types of applications to be tested, and the testing methodology.
Plan and carry out application security testing in all phases of the software development life cycle to identify vulnerabilities in application code and weaknesses in secure coding practices.
Use test results to create reports that detail discovered security issues, assess risk levels, and provide actionable recommendations.
Assess discovered vulnerabilities and recommend solutions to reduce risk and mitigate security impacts to the application environment.
Focus on automation to aid in efficiencies with both testing and remediation of findings.
Communicate findings, risks, conclusions, and recommendations to stakeholders.
Consider the impact your testing will have on the business and its users.
Clearly articulate and convey the potential business or operational impact of unaddressed security vulnerabilities.

Who We Are Looking For

3-5 years of proven experience in application security testing, including Dynamic Application Security Testing (DAST), Static Application Security Testing (SAST), Open Source Security (OSS) testing, Software Composition Analysis (SCA), Infrastructure as Code (IAC).
Bachelor’s Degree, ideally in a technically related field (Computer Science, Information Technology, Software Engineering), or equivalent work experience.
Relevant certifications: EC-Council Certified Application Security Engineer (C|ASE), (ISC)2 Certified Secure Software Lifecycle Professional (CSSLP), GIAC Web Application Penetration Tester (GWAPT)
Experience testing web applications for OWASP Top Ten security vulnerabilities.
A thorough understanding of the Software Development Life Cycle (SDLC).
Experience in promoting and implementing secure coding practices, and providing training and education to development teams on secure development practices.
Strong verbal and written communication skills with the ability to clearly articulate technical concepts to both technical and non-technical audiences.
Attention to detail, to plan and execute tests that meet all requirements.
Ability to prioritize tasks and manage time effectively to meet deadlines.
Ethical integrity to be trusted with a high level of confidential information.
Ability to collaborate with team members and share knowledge.
Exceptional analytical and problem-solving skills and the persis

About the role

What You Will Work On

Collaborate with internal teams to define the scope of application security testing activities, including the number and types of applications to be tested, and the testing methodology.
Plan and carry out application security testing in all phases of the software development life cycle to identify vulnerabilities in application code and weaknesses in secure coding practices.
Use test results to create reports that detail discovered security issues, assess risk levels, and provide actionable recommendations.
Assess discovered vulnerabilities and recommend solutions to reduce risk and mitigate security impacts to the application environment.
Focus on automation to aid in efficiencies with both testing and remediation of findings.
Communicate findings, risks, conclusions, and recommendations to stakeholders.
Consider the impact your testing will have on the business and its users.
Clearly articulate and convey the potential business or operational impact of unaddressed security vulnerabilities.

Who We Are Looking For

3-5 years of proven experience in application security testing, including Dynamic Application Security Testing (DAST), Static Application Security Testing (SAST), Open Source Security (OSS) testing, Software Composition Analysis (SCA), Infrastructure as Code (IAC).
Bachelor’s Degree, ideally in a technically related field (Computer Science, Information Technology, Software Engineering), or equivalent work experience.
Relevant certifications: EC-Council Certified Application Security Engineer (C|ASE), (ISC)2 Certified Secure Software Lifecycle Professional (CSSLP), GIAC Web Application Penetration Tester (GWAPT)
Experience testing web applications for OWASP Top Ten security vulnerabilities.
A thorough understanding of the Software Development Life Cycle (SDLC).
Experience in promoting and implementing secure coding practices, and providing training and education to development teams on secure development practices.
Strong verbal and written communication skills with the ability to clearly articulate technical concepts to both technical and non-technical audiences.
Attention to detail, to plan and execute tests that meet all requirements.
Ability to prioritize tasks and manage time effectively to meet deadlines.
Ethical integrity to be trusted with a high level of confidential information.
Ability to collaborate with team members and share knowledge.
Exceptional analytical and problem-solving skills and the persis

Application Security Engineer - Clear Capital

About the role

Application Security Engineer - Clear Capital

About the role

Skills