The Senior Web Application Security Engineer position is a hands-on role that involves evaluating and enforcing application security in all phases of the software development life cycle. This position will work closely with our development teams to define the application security best practices, perform software architecture and design reviews, conduct white box security testing, and support the identification, interpretation, and remediation of vulnerabilities across a variety of applications, programming languages, and platforms.
Participate in architecture and design reviews with senior development/DevOps staffs
Define and design security code analysis tools and framework
Conduct white box security testing to assess and validate application security
Define, maintain and enforce application security best practices
Monitor and track progress of found vulnerabilities and maintain the history
Explain and demonstrate vulnerabilities to application/system owners, and provide recommendations for mitigation
Issue reports on assigned application and system scans
Perform Secure Code Development Training to developers and relevant staffs
Bachelors degree in an Information Technology related field of study or equivalent experience
5+ years of experience in web or mobile application security
Expert knowledge of information security principles, web applications and a level of familiarity with malicious code and common techniques used by hackers
Knowledge of cloud-based infrastructures and how they affect security needs (familiarity with Amazon Web Services is a plus)
Basic knowledge of SQL and prior experience with programming in one or more server-side technologies such as Java, JSP, PHP, ASP.Net etc.
Experience with application security code review practices and methods, such as OWASP Top Ten
Experience conducting secure code development training
Experience using Agile software development
Experience using vulnerability assessment tools/platforms such as Burp Suite, Paros, Samurai WTF, and BackTrack
Knowledge of crytopgrahic tools or security APIs is a plus
Understanding of malware such as worms, virii, Trojans
Excellent problem solving and analytical skills; outstanding oral and written communication skills
Self-motivation and the ability to work under minimal supervision are a must
Need more reasons to consider us? We offer competitive salary packages, an extensive benefits package for all full-time employees, including medical, dental, vision, stock options, bonuses, 401K, gym membership discounts and other great perks! If you would like to learn more about Cvent and our products, visit our website at www.cvent.com.