Application Security Engineer
| Company | RxSense |
|---|---|
| Location | Princeton, NJ, USA |
| Salary | $120000 – $140000 |
| Type | Full-Time |
| Degrees | Bachelor’s |
| Experience Level | Mid Level |
Requirements
- BS in Information Systems preferred but appropriate experience is acceptable
- 3+ years of experience in application security is required.
- Must have the ability to identify, analyze and solve security risks pragmatically
- Familiarity with web application architecture, APIs, and cloud environments
- Experience with security standards and frameworks, such as OWASP, NIST, or CIS
- Practical understanding of common application security vulnerabilities
- Excellent problem-solving and analytical skills with demonstrated ability to investigate and solve complex problems
- Excellent communication skills are needed with demonstrated ability to work with multiple organizational functions and levels
- Certifications a plus; GWAPT, GWEB, CISSP, etc.
Responsibilities
- Work with development and product teams to define security requirements and ensure they are followed
- Partner with development and product teams to drive remediation of security gaps
- Coordinate 3rd party penetration tests and work with internal teams to remediate findings
- Perform architecture and design reviews on company applications
- Monitor and analyze application security logs and events to detect and respond to security threats
- Perform monitoring and management of Web Application Firewall
- Interpret and manually validate Static Application Security Testing (SAST) results
- Manage SAST, SCA and DAST tools to ensure comprehensive testing and remediation of findings
- Analyze and report on risks discovered through application security testing
- Participate on project teams as InfoSec representative
- Ability to quickly adapt to changing priorities as business needs change
- Excellent interpersonal and communication skills a must
Preferred Qualifications
- Knowledge and experience with techniques, tools and practices pertaining to securing the SDLC (Software Development Lifecycle).
- Experience with software development, programming, scripting.
- Experience with OWASP ZAP or Burp Proxy
- Experience with static application security testing tools
- Knowledge and experience with implementing and managing web application firewalls
- High-level understanding of securing Cloud Platforms, AWS and GCP, cloud architecture
- Although the position is in the application security domain, a broad interest/experience across the whole security domain would be an advantage