About the Role
Validity is looking for a senior application security engineer to join our security and privacy team. As our AppSec expert, you will partner with our product development and web content teams to assess our code, applications, and sites, prioritize risks for remediation and help us shift security left in our SDLC. You will lead our own third-party pen tests and will also lend a hand in day-to-day security operations.
Position Duties and Responsibilities
- Identify false-positive findings from DAST and SAST tools and suggest remediation paths for valid findings.
- Work on security reviews, building collaborative relationships with developers and engineers across the organization.
- Analyze software architecture to identify weaknesses & develop opportunities for improvement.
- Execute complex technical projects with minimal oversight. Oversee development of security components throughout all stages of the SDLC.
- Conduct security reviews & penetration testing of systems, source code, and applications.
- Perform security reviews of source code, stored procedures, datastores, and server/service configurations.
- Perform manual and automated security testing. Define and document application security requirements.
- Provide accurate & timely reporting on all project deliverables.
- Provide practical application security best-practice guidance to Validity.
Required Experience, Skills, and Education
- 5+ years of Information Security Engineering experience in a technical capacity.
- Must be able to work effectively across the organization and collaborate with both technical and non-technical team members, possess excellent oral & written communication skills, and demonstrate effective problem-solving skills.
- Familiarity with market-leading security tools and commercial offerings for application security testing and analysis.
- Good understanding of RESTful APIs and microservices.
- Advanced knowledge of web application testing tools. Ability to write proof-of-concept exploits required.
- Working knowledge of application container frameworks and technologies (Docker, Kubernetes, etc.).
- Experience penetration testing web-based SaaS applications and systems running on cloud infrastructure (AWS, Azure, etc.).
- Knowledge of application-level attacks and mitigation methods, with a thorough understanding of OWASP top 10.
- Knowledge of DAST and SAST systems.
- CEH, eCPPT, eWPT, GWAPT, OSCP, or equivalent experience.
Preferred Experience, Skills, and Education
- BS or MS in Computer Science, or equivalent experience.
- Experience with Qualys, Checkmarx, and Burp Suite.
- Basic knowledge of PHP, Python, and Ruby.
- CI/CD pipelines.
- DAST and SAST tools.
Benefits
- Paid Holidays
- Unlimited PTO
- Parental Leave
Pay Range: $70,000 - $110,000 base, plus up to 10% bonus opportunity, and stock options.
Final salary may vary depending on skills, location, and/or experience.
This position can be in-office or remote; we are hiring in the following states only:
AL, AR, AZ, CA, CO, CT, FL, GA, HI, ID, IL, IN, KS, KY, MA, MD, ME, MI, MO, NC, NE, NH, NJ, NV, NY, OH, OK, PA, RI, SC, TN, TX, UT, VA, VT, WA