Application Security Engineer

Work set-up: Full Remote
Salary: 105 - 105K yearly
Experience: Mid-level (2-5 years)

Offer summary

Qualifications:

  • Bachelor's degree in Computer Science, Software Engineering, or related field.
  • 4-6 years of experience in penetration testing and secure code review.
  • Proficiency with security testing tools like BurpSuite, SAST, DAST, and IAST.
  • Strong understanding of web application vulnerabilities, OWASP Top 10, and security frameworks like OAuth and SAML.

Key responsibilities:

  • Conduct security reviews and vulnerability assessments of applications.
  • Manage application security programs including SAST, DAST, and SCA.
  • Review code and architecture designs for security concerns.
  • Collaborate with development and DevSecOps teams to improve security practices.

Green Dot Corporation Financial Services Large https://www.greendot.com/
1001 - 5000 Employees

Job description

We’re looking for talented professionals, anywhere in the United States, to join us in bringing smart money management and payment solutions to everyone’s fingertips.

At Green Dot, we are evolving to a new and permanent “Work from Anywhere” model designed to maximize the benefits of remote work, promote and enable a strong culture of performance and connectedness, and attract the best and brightest talent who align with our entrepreneurial spirit and mission.


JOB DESCRIPTION

We are seeking an experienced Application Security Engineer who has a strong understanding of application architecture and is well versed in reading code and configurations. The ideal candidate will conduct security reviews of applications and code, perform manual security assessments, identify vulnerabilities, and suggest mitigation strategies. This role will collaborate with development teams and DevSecOps to enhance security practices throughout the software development lifecycle (SDLC).

Key Responsibilities

  • Integrate security practices into the software development pipeline
  • Manage Application Security Assurance (SAST/DAST/SCA) program and review results to ensure security practices are being followed
  • Review code and propose architecture designs for security concerns
  • Serve as a Subject Matter Expert (SME) in application security for enterprise projects during development phases, providing Information Security consulting and recommendations and ensuring the implementation of approved security requirements.
  • Perform Security review for g, design reviews and penetration testing of internal web applications and external partner applications to identify vulnerabilities and security defects.
  • Perform security testing of web applications, web services (SOAP/REST), and mobile applications (iOS/Android)
  • Familiar with Network/Infrastructure PenTest practices.
  • Support the implementation and enforcement of secure design principles according to policies, standards, and patterns of Information Security.
  • Work with security product vendors and service providers to evaluate security offerings, including product evaluations, proof of concept and pilot installations


Qualifications

  • Bachelor's degree in Computer Science, Software Engineering or related field or equivalent combination of education and experience
  • 4-6 years of experience in performing penetration testing, secure code review, static, dynamic and manual source code review.
  • Experience with security testing tools for SAST, DAST, IAST and Pen Testing (BurpSuite).
  • Experience in performing manual application PenTest for Web/Thick Client/Mobile and Web Services.
  • Experience with attacks and mitigation methods, Bug Bounty Programs and Threat Modeling.
  • Strong with tools like BurpSuite, Mobile SDKs, SOAPUI, Debugger….
  • Strong understanding of common software and web application security vulnerabilities, including OWASP Top 10 and SANS/CWE Top 25
  • Understanding of Single Sign On (SSO) frameworks, mechanisms such as OAuth and SAML
  • Familiar with Python or other scripting language
  • Passionate and excited about security topics and engineering.
  • Excellent communication skills, both written and verbal
  • Desire and ability to ramp up quickly on new technologies and a demonstrated ability to deal with complex technical situations.
  • Certification such as CISSP, OSCP, GPEN, CPT is a plus

POSITION TYPE

Regular

PAY RANGE

The targeted base salary for this position is $104,900 to $157,300 per year. The final compensation will be determined by a number of factors such as qualifications, expertise, and the candidate’s geographical location.


Green Dot promotes diversity and provides equal opportunity for all applicants and employees. We are dedicated to building a company that represents a variety of backgrounds, perspectives, and skills. We believe that the more inclusive we are, the better our work (and work environment) will be for everyone. Additionally, Green Dot provides reasonable accommodations for candidates on request and respects applicants' privacy rights.

Work Authorization Requirement
At Green Dot Corporation, we value diversity and strive for fair and inclusive hiring practices. However, we are currently unable to offer visa sponsorship. All applicants must be legally authorized to work in the United States at the time of application and throughout the duration of employment, without the need for current or future sponsorship.

Required profile

Experience

Level of experience: Mid-level (2-5 years)
Industry: Financial Services
Spoken language(s): English

Other Skills

  • Mobile Apps
  • Communication
  • Problem Solving
