Sr Lead, Application Security Engineer
Job Description
Act as a subject matter expert for Application Security with a focus on dynamic code scanning (DAST)
Expert in the preparation and execution of dynamic scanning of applications
Collaborate within the SSDLC space for other team functions like SAST, Open Source Security, pen-testing and threat modeling.
Developer awareness and training are a strong focus of the SSDLC team. Organize knowledge sessions and training for dev teams on secure development and testing. Provide expert advice on SSDLC topics. Participate in and help improve the security champions program and application security training curriculum.
In addition to technical ability, an awareness of the broader risk landscape and the ability to understand and improve SSDLC and related processes is desirable. Must pick up the skills to influence and collaborate with various teams to further security goals and objectives.
We are geographically distributed; willingness to function with people across locations is expected.
Specific knowledge/skills:
A College or University degree and/or relevant work experience is required
7+ years of overall experience in software development and information security, including 2+ years in application security.
- Experience in code scanning using one or more popular DAST tools is required.
- A background in security architecture and application security basics such as web-app security and the OWASP Top Ten, and familiarity with exploitation patterns and mitigations, are required.
- Familiarity with DevSecOps pipelines, methods and practices is required.
- Knowledge of security architecture and development of secure software / secure coding is required.
- Past experience in SAST, threat modeling, open source scanning and penetration testing is preferred.
- Experience in secure development in a cloud environment is preferred.
- Background in application development, such as building apps in at least one language in recent history, is preferred.
- Experience using ServiceNow is preferred.
Date Posted: 08/04/2023