Application Security Engineer

Company:
Fanatics
Location:
Ameerpet, Telangana, 500038, India
Posted:
April 06, 2024

Description:

Fanatics is searching for an experienced application security specialist to help protect Fanatics-developed applications which are used externally and internally. A successful candidate will display strong communication and technical skills and be comfortable and effective working independently and as part of a larger, highly distributed team.

We're looking specifically for folks who place an emphasis on usable security and scaling successfully through automation. Fanatics is a fast-growing company, and our security program needs to be able to keep pace with that growth while not disrupting innovation.

The role is responsible for continually improving product security by partnering with developers in all phases of the software development life cycle. Work with teams to ensure security standards are maintained in the design and implementation of applications and systems in cloud and on-premises environments.

Experience Required

A minimum of 3 years of experience.

Responsibilities

Establish security best practices and processes for our mobile, on-premises and cloud-based platforms.

Provide expert knowledge and guidance to the product teams about security vulnerabilities and remediation controls.

Support and consult with product and development teams in the area of application security, including threat modeling and Application Security reviews.

Implement, continuously develop, and maintain secure Software Security Development Lifecycle processes and a software maturity model.

Perform threat modeling, secure design, and source code review.

Conduct security assessments, security testing and validation of vulnerability scan results.

Assist teams in reproducing, triaging, and addressing application security vulnerabilities.

Incorporate security tools/tasks to automate product development and deployment.

Develop, implement, and automate defensive controls, creating and tuning tools and rules to detect and address malicious activity. Responsible for integration of security controls into the SDLC.

Establish a supply chain security process and ensure third-party software meets the standards.

Facilitate injection, integration, and compliance for Static Application Security Testing (SAST), Container Security Scanning & Open-Source Security Analysis during the development phase.

Facilitate injection, integration, and compliance for Dynamic Application Security Testing (DAST).

Contribute to triaging, addressing security issues and tracking remediation.

Own and manage Secure SDLC tooling.

Develop and customize security tools used by security teams and developers.

Work closely with development teams to build security directly into their SDLCs.

Provide remediation guidance to programmers and management.

Support the bug bounty program.

Support the preparation of security releases.

Mentor and train development teams on secure coding standards and techniques. Develop a Secure Coding Program.

Constantly innovate at the pace of the adversary using the latest techniques.

Educational Requirements

Bachelor's degree in Computer Science, Information Systems, or an equivalent combination of education and experience.

Certifications in the field of Information Security (at least one of the following: CISSP, CEH, GIAC CPEN, OSCP, OSWE, CWAPT, GWAPT, GWEB).

Full time
