Senior Application Security Engineer

Company: Ivalua
Location: Pittsburgh, PA, USA
Salary: $150,000 – $170,000
Type: Full-Time
Degrees:
Experience Level: Senior

Requirements

  • 5+ years of hands-on experience performing penetration testing on web applications and web services
  • Proven practical experience integrating security into the SDLC (security by design, security code reviews, security testing, etc.)
  • Highly proficient in scripting, client-side programming and query languages (such as Python, JavaScript, SQL)
  • Experience with industry-recognized application security tools (Burp Suite, sqlmap, Invicti, Checkmarx, etc.)
  • Ability to handle multiple tasks, prioritize and meet deadlines

Responsibilities

  • Perform manual web application penetration testing on the Ivalua SaaS application product, web services as well as the corporate critical or internet-facing web applications
  • Enhance/Optimize the application security tooling scanning configurations (SAST, DAST, SCA) to reduce false positives/negatives
  • Write and maintain in-house automated scripts to complement the scanning tool gaps and industrialize the manual security tests
  • Act as the main point of contact for analyzing, discussing and reviewing technical audit findings from US customers
  • Advocate and support the implementation of security best practices as part of the development lifecycle within the R&D department including security design reviews and security testing of major product changes or enhancements
  • Support the analysis, reporting, tracking and retesting of security vulnerabilities reported through multiple sources (customer, internal and external audits) and provide guidance to developers to fix these in a manner consistent with Ivalua standards
  • Contribute to developing, enhancing, maintaining and delivering a developer security training program, and maintain secure development guidelines
  • Act as one of the subject matter experts (SMEs) on application security and stay apprised of new vulnerabilities, threats, risks, tools and techniques

Preferred Qualifications

  • An offensive security qualification, or evidence of working towards one (e.g. OSCP, OSWE, GPEN, GWAPT, CPTS, Hack The Box labs, root-me challenges or similar), is preferred but not required