Junior Application Security Engineer
Description:
Junior Application Security Engineer
Wilmington, DE-Hybrid
Monday through Friday 8:00 a.m. to 5:00 p.m.
Candidates for this position must be eligible to work in the United States without sponsorship. Time on-site or time zone may be necessary based on business need.
Some of the things you will be doing:
Provide expertise in the Application Security areas of Web Application Security Services, API Security and Application Security Testing.
Develop policies to protect web application and API's from malicious payload attacks, provide virtual patching capabilities and validation with Security Testing.
Assist in developing an automated security framework for robust deployment tools and processes, leveraging various scripting languages and open-source solutions.
What technical skills, qualifications, and experience do you need?
Knowledge in building the F5 WAF, API Security, BOT protection, DOS/DDOS protection policies and extending them to hybrid cloud environment -AWS and Azure environment
Familiarity with DevSecOps ecosystem: Terraform, Ansible, GitHub, Jenkins, Azure DevOps, SAST, DAST & SCA
Knowledge of Cloud & Kubernetes Resource Security, Secure Network and Architecture, SDLC standard and policies
Familiarity with Web App Protection AWS and Azure App Protection Policy, Configuration, and Security Management tools
Expertise in Programming languages Python, NodeJS, SQL query and Vulnerable Code remediation.
Stay up to date with the latest application security threats and trends
Proficiency in designing, implementing, and maintaining effective security policies for web applications using WAF technologies
Experience coordinating and performing vulnerability assessments using automated and manual tools
Ability to review and analyze WAF logs to detect and respond to security incidents promptly
Ability to review and analyze vulnerability data to identify security risks to the organization's network, infrastructure, and application's and determine any reported vulnerabilities that are false positives
Experience with BI Design and Development
Familiarity with Information Security frameworks/standards (i.e. CIS, NIST, RFC2196, etc.)
Familiarity with common security libraries, security controls, and common security flaws
Permanent