Application Security Engineer

Join a multibillion-dollar global company that brings together amazing technology, people, and operational scale to become a powerhouse in the memory industry. Headquartered in Rancho Cordova, California, Solidigm combines elements of an established, successful technology company with the spirit, agility, and entrepreneurial mindset of a start-up. In addition to the U.S. headquarters and other facilities in the U.S., the company has international presence in Asia, Europe, and the Americas. Solidigm will continue to lead the world in innovating new Memory technologies with aspirations to be the #1 NAND memory company in the world. At Solidigm, we view problems as opportunities to define innovative solutions that hold the power to change the world and unleash the potential technological needs that the future holds. At Solidigm, we are One Team that fosters a diverse, equitable, and inclusive culture that embraces individual uniqueness and empowers us to bring our best selves to deliver excellence in support of Solidigm's vision and mission to be the go-to partner for optimized data storage solutions. You can be part of the takeoff of an innovative business that develops cutting-edge products, delivers strong business value for customers, provides an engaging workplace for its employees, and serves a greater impact on the world. This is a golden opportunity for the right applicant to join us and help design, build, and lead Solidigm. We want a diverse team of dedicated professionals who will not just be Solidigm team members but contribute to how we shape the future of the organization. We are seeking applicants who will grow and thrive in our culture; be customer inspired, trusting, innovative, team-oriented, inclusive, results driven, collaborative, passionate, and flexible.

As an Application Security Engineer, you will be an integral part of our technology team, focusing on enhancing the security posture of our software development lifecycle (SDLC). Your role will be crucial in conducting Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and specializing in Blackduck testing to support our engineering and DEVOPS teams

Key Responsibilities:

• Design and develop application security controls focusing on authentication, authorization, access control, secrets management, logging, and monitoring based on enterprise cyber capabilities such OKTA, CyberArk, SailPoint and Splunk
• Perform implementation and operations of SAST (Klocwork, Coverity, Fortify SCA, Clang) and DAST (WebInspect, Invicti, Checkmarx, BurpSuite) to identify and mitigate security vulnerabilities.
• Conduct thorough security assessments and validations to ensure the effectiveness of implemented controls.
• Serve as the go-to person for facilitating the implementation of application security controls in all in-house developed applications, SaaS solutions, and vendor-developed/hosted applications.
• Work closely with cross-functional teams to remediate identified vulnerabilities and enhance overall application security posture.
• Stay abreast of the latest industry trends, emerging threats, and advancements in application security.
• Ensure compliance with industry standards, guidelines and best practices such as OWASP (Open Web Application Security Project), SANS.
• Conduct regular assessments and audits to verify adherence to OWASP standards and address any identified gaps.
• Collaborate with incident response teams to investigate and mitigate security events related to application security.
• Foster strong partnerships with development teams, IT operations, and other relevant stakeholders to promote a culture of security awareness and collaboration.
• Communicate complex security concepts effectively to both technical and non-technical audiences.

• Proven experience in application security with a focus on authentication, authorization, access control, secrets management, logging, and monitoring.
• Industry-standard certifications such as CISSP, CSSLP, Certified Ethical Hacker (CEH), or equivalent.
• Security vendor certifications such as Checkmarx, Coverity, Klocwork, BurpSuite, WebInspect and Fortify SCA
• In-depth understanding of OWASP guidelines and best practices.
• Strong programming/scripting skills in Python, PowerShell and familiarity with modern development frameworks.
• Excellent communication and interpersonal skills.