Job Description:

Job Title: Application Security Engineer
Location: Glendale, AZ

Job Information

Application Security Engineer

You will work closely with our cybersecurity teams, application development teams, and operations teams conducting security testing, penetration testing, purple teaming, and breach / attack simulation. Help us re-think what it means to be a secure insurance provider delivering capabilities in a fast-changing, highly competitive market.

Your day could include, and experience we would like to see:

- Perform penetration testing and secure code testing activities
- Provide tactical and strategic guidance and detailed remediation advice aimed at helping clients achieve strong security postures
- Consult with development teams and provide them with information about application security and secure development lifecycle processes
- Integrate automated testing in a DevSecOps process (Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and other technologies as necessary) into the overall SSDLC process design
- Manage real-time application protection software and web application firewalls to provide proactive prevention of known attacks
- Track and monitor current and trending practices in software engineering, DevOps and application security
- Assist with the development and operational aspects related to purple teaming and breach / attack simulation, advancing our capabilities to both detect and prevent known attacks while mapping those activities to the MITRE ATT&CK Framework
- Obtain and evolve technical expertise, certifications, and industry credentials through formal and informal training and other educational initiatives

Education, Certifications and nice to have:

- Must have 3+ years of experience in application/network/web/mobile penetration testing and tooling, purple team, or application security engineering and architecture, preferably in a large and distributed operating environment
- Demonstrated expertise in Application Security, specifically web and mobile application security, configurations, vulnerability assessments
- Proficient knowledge of web development, including but not limited to Ruby, advanced JavaScript libraries (React, Angular, Knockout), Node.js, jQuery, Object-Oriented Design, Web Services (REST/SOAP)
- Professional experience with any of the following: Java, .NET, AWS, Functional programming, SQL, MongoDB, CouchDB, Neo4j, Hadoop, Cassandra, DynamoDB, Elasticsearch, Solr
- Expert knowledge of OWASP Top 10 and ability to articulate web security risks
- Knowledge of automated DAST, SAST, and RASP tooling is preferred, including but not limited to OWASP Zed Attack Proxy, Burp Suite, Nessus, Metasploit, Postman, HP WebInspect, Qualys, or WhiteHat
- Operational understanding of TCP/IP and computer networking
- Knowledge of the functions of security technologies such as IPS/IDS, Firewalls, Security Information and Event Management tools, etc., is a plus
- Possession of industry standard certifications such as OSCP, CEH, GWAPT, GPEN and/or other relevant penetration testing related certifications is a plus
- Knowledge of SDLC, Agile, Waterfall, or Scrum
- Information Security, Security Testing and/or Risk Analysis Experience
- A broad understanding of the terminology, core principles, IT controls and best practices across key risk domains, including: risk assessment methodology, identity and access management, network and infrastructure security, application security, data loss prevention, and incident management
- Self-motivated team player with the ability to handle multiple work streams and support various team member collaborative projects to completion
- Proven excellent relationship management skills with all levels of the enterprise are required
- Ability to effectively collaborate across teams