Engineer - Application Security

Wiley
21 days ago
Expires on: Oct 18 2024

Ref.No 00006299

Description

How you will make an impact:

 

· Conduct application security assessments, encompassing static application security testing (SAST), dynamic application security testing (DAST), code reviews, penetration testing, and security architecture evaluations.

· Collaborate with development teams to integrate security into the software development lifecycle (SDLC).

· Perform threat modeling, design reviews, and secure code reviews on applications and systems.

· Provide detailed explanations of common attack vectors such as SQL injection, Cross-Site Scripting (XSS), and Cross-Site Request Forgery (CSRF) to both developers and management.

· Investigate and keep track of new threats and vulnerabilities, stay informed about current industry and technology trends and opportunities, and evaluate their effects on applications and the business.

· Work closely with Development and DevOps engineers to assess and implement security tools within development environments.

· Utilize the OWASP Software Assurance Maturity Model (SAMM) to assess, formulate, and implement a comprehensive software security strategy within the Software Development Lifecycle (SDLC).

· Develop documentation for application security metrics, policies, procedures, standards, guidelines, and training

· Assist with Wiley’s Security Champions program by providing application security expertise to developers and SREs.

· Stay up-to-date with the latest security trends, tools, and technologies.

· Provide security training and awareness to development teams.

· Assist in the development and maintenance of application security documentation.

 

 

What we look for:

 

· Minimum of 2-4 years of experience in increasingly complex, security-related roles

· Strong ability to effectively communicate with colleagues at all levels in the organization, including explaining complex issues and information in simple and actionable ways.

· Expertise in core application security principles

· A strong understanding of common software development processes

· Strong leadership and strategic thinking skills.

· Experience working with a highly technical and skilled team

· Preferred experience working with SAST, IAST, DAST, RASP and other common application security solutions.

· Certifications (optional but beneficial): CISSP, CEH, OSCP, OSWE, ESEE

Skills
DevSecOps
communication
Application Security
SSDLC concepts
stakeholder management
DAST/SAST