Application Security Engineer

Successful candidate will be security evangelists who can translate
security concepts into language that is meaningful to many audiences,
including business and technical leaders and individual contributors.
Candidates must be able to approach application security from the
perspective of risk management and avoid purely academic thinking
about software security.
Candidate must have excellent verbal and written communication
skills
Candidate should be familiar with waterfall and agile
development processes and have experience integrating secure
development practices into both models.
The ideal candidate has experience writing and testing web
applications and web services in the following programming languages:
Java, and JavaScript. The candidate should have familiarity with a
variety of development and testing tools, including: App Scan tools,
check marx, Qualys, Burp Suite, WAF, Mob SF, Frida, Jenkins and etc.
Candidate must be able to explain all vulnerabilities and weaknesses in the OWASP Top 10, WASC TCv2, and CWE 25 to any audience, and discuss effective defensive techniques.
Strong exposure to OWASP top 10, TCv2 & MITRE
Hands on experience in threat modeling, SAST, DAST and web application security
Experience with API Eco System and API security
Experience with cross-platform development (iOS, Android & Web)
Candidate must have experience in planning multi‐year roadmaps.
A basic understanding of network and web related protocols (such as TCP/IP, UDP, HTTP, HTTPS, protocols).
Excellent written and oral communication skills at all levels, strong communicator and ability to articulate and communicate complex IT- related business
Bachelor’s degree in Computer Science, MS in Engineering or related field preferred with 2+ years of work experience (2-5 years of experience)
Must have cyber security related certificate.