Senior Application Security Engineer
Description:
As a Senior Application Security Engineer at Entrata, you will play a pivotal role in defining and implementing advanced security measures to protect our software applications and client data.
The ideal candidate will bring extensive experience in Static and Dynamic Application Security Testing(DAST/SAST) methodologies and a track record of providing strategic leadership in application security.
Responsibilities will include:
SAST (Static Application Security Testing): Implement SAST tooling into our CI/CD pipeline to identify and prevent vulnerabilities in code before they reach our product.
DAST (Dynamic Application Security Testing): Perform manual and automated security assessments against our application. Implement robust automated scanning tooling across our web and mobile applications.
Secure Coding Education: Develop secure code recommendations and guidelines for the organization to follow during the SDLC. Regularly educate the organization on these principles.
Threat Modeling: Drive the development and maintenance of comprehensive threat models for Entrata's applications. Regularly perform threat models for critical components.
Vulnerability Management: Lead and guide development teams in implementing effective remediation strategies for identified vulnerabilities.
Secure Architecture Recommendations: Provide strategic direction and oversight in integrating security measures into the software architecture. Review and provide security recommendations for key software architecture decisions.
Minimum Qualifications:
Bachelor's or Master’s degree in Computer Science, Information Security, or a related field.
6+ years of experience in a Security-related field for a Master’s degree, 8+ years for a Bachelor’s. At least 4 years of experience in an Application Security role.
Deep knowledge of web application frameworks and technologies.
Strong understanding of cloud security principles
Experience managing SAST tooling in a DevSecOps role
Experience pen testing web applications, and experience with automated DAST tooling
Strong interest in information security, particularly in software security
Strong understanding of computer science and software development lifecycles
Basic understanding of security frameworks and standards (e.g., ISO 27001, CIS AWS Foundations).
Excellent problem-solving skills and attention to detail.
Strong communication skills and interpersonal skills, with the ability to effectively communicate complex security concepts to technical and non-technical stakeholders
Proven ability to lead and collaborate in a team-oriented environment. Experience in mentoring and guiding junior team members.
Relevant certification, such as CompTIA Sec+
Preferred Qualifications:
Dedicated software engineering experience developing SaaS applications
Experience with cloud security tools and technologies
Familiarity with PHP and NodeJS
Familiarity with scripting and automation for security tasks (e.g., Python, PowerShell).
Understanding of threat detection and incident response processes.
Awareness of cloud compliance and audit procedures.
Familiarity with security tooling such as Wiz, Splunk, or other open source equivalents
Advance certifications, such as CISSP, CCSP, CFI, CEH, OSCP, or others
Full-Time