Application Security Engineer

COMPLY is seeking a skilled Application Security Enginee r with 2-4 years of experience to join our dynamic team. The ideal candidate will have a passion for ensuring the security and integrity of our applications protecting sensitive data and implementing industry best practices to mitigate risks. As an Application Security Engineer you will play a crucial role in identifying vulnerabilities designing secure solutions and collaborating with cross-functional teams to implement robust security measures.

Responsibilities:

• Conduct security assessments code reviews and penetration testing of web and mobile applications to identify vulnerabilities and weaknesses.

• Develop and implement security controls including authentication mechanisms encryption methods access controls and logging mechanisms.

• Collaborate with software development teams to integrate security best practices throughout the software development lifecycle (SLDC).

• Work closely with DevOps teams to automate security testing and incorporate security into CI/CD pipelines.

• Monitor and analyze security alerts and incidents investigate root causes and implement corrective actions.

• Stay up-to-date with the latest security threats vulnerabilities and industry trends and proactively recommend security enhancements.

• Provide security guidance and support to development teams including training on secure coding practices and threat modeling.

• Participate in security incident response activities including incident detection containment and recovery.

• Assist in the development and maintenance of security policies standards and procedures.

• Collaborate with internal teams and external partners to ensure compliance with regulatory requirements and industry standards (e.g. CPRA GDPR SOC2 etc.).

• Work closely with Engineering stakeholders and contracted pen testers to see the pen test and vulnerability scanning through from kick-off to completion on a regular basis.

Qualifications:

• Bachelor’s degree in Computer Science Information Systems Information Security or a related field.

• 2-4 years of professional experience in application security including hands-on experience with security testing tools and techniques

• Strong understanding of web application security principles including OWASP Top 10 vulnerabilities.

• Proficiency in programming languages such as C# PHP Python with the ability to understand and review code for security issues and vulnerabilities.

• Experience with security testing tools such as Burp Suite Snyk etc.

• Knowledge of secure coding practices cryptographic protocols and secure software design principles.

• Familiarity with cloud computing platforms (e.g. AWS Azure GCP) and containerization technologies (e.g. Docker Kubernetes)

• Excellent communication skills with the ability to effectively communicate complex security concepts and principles to technical and non-technical stakeholders.

• Relevant security certifications such as CEH CISSP or OSCP are a plus.

• Strong analytical and problem-solving skills with a proactive and results-oriented mindset.

$100000 - $120000 a year

The compensation range for this role is specific to the United States. It takes into account a wide range of factors that are considered in making compensation decisions including but not limited to skill sets training licensure and certification and experience. A reasonable estimate of the base salary range for this role would be $100000- $105000 plus applicable bonus/benefits offerings etc. as those similarly situated within the Company.

COMPLY is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race color religion disability sex sexual orientation gender identity or national origin. Nothing in this job posting should be construed as an offer or guarantee of employment.