Job Description

Application Security Engineer
Job Number: 21-07349
Use your skills where innovative technology solutions begin. Eclaro is looking for an Application Security Engineer for our client in Redwood, CA
Eclaro’s client is a leading technology solutions provider, collaborating with customers to manage their needs and achieve success in their business goals. If you’re up to the challenge, then take a chance at this rewarding opportunity!
Position Overview:
  • The Application Security Engineer is a senior level position that reports directly to the Director of Information Security Services, but works closely with development teams, product teams, and other teams across the organization to integrate security into the product lifecycle from design through deployment.
  • The Application Security Engineer is a subject matter expert in defining security requirements, performing application security assessments, and providing developers with remediation guidance and advice.
  • On any given day the Application Security Engineer can be pulled in to evaluate a new system, review a proposed network change, or provide guidance on application security/coding best practices.
  • Work independently with developers, system/network administrators, product owners, and other colleagues to ensure secure design, development, and implementation of applications and networks
  • Perform security design reviews of our products suite (primarily cloud)
  • Monitor and take ownership of securing our AWS environment
  • Perform code analysis of large applications, manually and using SAST and DAST scanning solutions as well as conducting manual vulnerability analysis
  • Provide remediation guidance and recommendations to developers and administrators
  • Interface with the Customer Success team to discuss and track security feature enhancement requests from our global customers
  • Work with Product Development teams to help prioritize and validate urgency of mitigation of identified product vulnerabilities and security feature enhancement requests
  • Define security best practices and standards and ensure Product Development teams understand them and receive pertinent annual secure coding training
  • Experience working with development teams to build secure solutions
  • Experience breaking down complex systems and applications to find flaws
  • Proficiency in reading, writing, and auditing Python or Javascript and the ability to pick up new languages/technologies
  • Strong familiarity with common vulnerabilities and attack vectors
  • Knowledge of web service technologies, load balancer services (i.e. Nginx, Cloudflare, F5, etc.) and RESTful APIs
  • Knowledge of ubiquitous encryption technologies (PGP, SSH, SSL, etc.) and common authentication protocols (OpenID Connect, OAUTH, SAML, RADIUS, LDAP, KERBEROS, etc.)
  • Solid understanding of secure network and system design in both cloud (AWS, Azure, etc.) and conventional environments
  • The ability to communicate complicated technical issues and the risks they pose to developers, network engineers, system administrators, and management
  • Excellent written and verbal communication skills, interpersonal and collaborative skills
  • Must be a critical thinker, with strong problem-solving skills
  • High level of personal integrity, as well as the ability to professionally handle confidential matters, and show an appropriate level of judgment and maturity
  • Self-starter, positive attitude, ability to work independently, enjoys learning and staying current with industry developments, regulations and best practices
  • BS, AS, in computer science + 3 years or more relevant work experience or 5+ years' experience in cybersecurity without a degree
Preferred Experience:
  • Experience using a Cloud Security and Posture Management solution (i.e. CloudGuard)
  • Experience as an Application/Product Security Engineer, Engineer or Developer
  • A background integrating security testing into the SDLC (preferably the SCRUM framework)
  • Experience providing security training to developers
  • Prior work as a consultant at a highly technical information security consultancy
  • Previous work as a technical security Engineer or related security role in a company where there is a commitment to information security and technology
  • Additional programming languages such as Java, Python, Object C
  • Demonstrated experience using DAST and SAST tools and services
  • Application Security Engineer
If interested, you may contact:
Homer Ballega
Homer Ballega | LinkedIn
Equal Opportunity Employer:
Eclaro values diversity and does not discriminate based on Race, Color, Religion, Sex, Sexual Orientation, Gender Identity, National Origin, Age, Genetic Information, Disability, Protected Veteran Status, or any other legally protected group status.

Application Instructions

Please click on the link below to apply for this position. A new window will open and direct you to apply at our corporate careers page. We look forward to hearing from you!

Apply Online