Application Security Engineer
About The Role
The application security engineer will be responsible for maintaining the security of all Yello web and mobile applications. They’ll use a variety of tools and strategies to detect, mitigate/remediate vulnerabilities. The application security engineer will collaborate closely with Engineering to incorporate security into all phases of the SDLC.
How You'll Make An Impact
You will play a critical role on a small team of talented engineers focused on securing our cloud-based, cutting-edge solutions for our client-partners.
Application Security Engineer Responsibilities:
- Integrate security tools, processes, policies, and standards into the product/application development lifecycle.
- Maintain and ensure compliance with internal application security policies and standards.
- Perform and manage developer security trainings upon hire and annually.
- Manage internal and external penetration testing (act as a subject matter expert).
- Manage application framework and perimeter security improvement projects.
- Provide security requirements for test-driven design.
- Provide metrics that report the state of application security programs and performance.
- Work with Engineering teams to promote a DevSecOps culture.
Specific Responsibilities (Controls and Processes):
- Conduct manual security code reviews
- Perform static and dynamic application security testing using manual/automated tools.
- Lead application assessments (external/internal).
- Perform infrastructure security monitoring in partnership with the Infrastructure team.
- Communicate application security policies and standards to engineers and product managers.
- Collaborate with Product leads and engineering leads to ensure new features meet security requirements.
- Identify application security gaps in relation to various compliance frameworks or client requirements.
- Own internal tools development and maintenance.
- Remediate identified vulnerabilities in Yello applications.
- Work with the Information Security Officer on risk acceptance.
What We're Looking For
- Computer Science or related degree or equivalent experience.
- 4+ years of professional application security experience.
- Proficient in programming (Ruby on Rails preferred).
- Familiar with the OWASP Top 10 and SANS Top 25.
- Familiar with testing tools (Burp, ZAP, etc.).
- Outstanding written and verbal communication skills.
- Experience with threat modeling (STRIDE).
Additional Information
We are the trailblazers in our space and we continually strive to learn and grow, but there is always time to celebrate a colleague's birthday or a recent success. We dress casually, have one of the best views in the city and the whole team sports Apple laptops. Our CEO Jason Weingarten and President Dan Bartfield always have their office doors open. And with opportunities for professional advancement, medical, dental and vision insurance, and a 401K match – Yello has you covered.
- Yello is an Equal Opportunity Employer. All applicants will receive consideration for employment without regard to race, color, religion, sex, pregnancy, sexual orientation, gender identity, national origin, age, protected veteran status, or disability status.
- Candidates local to Chicago are preferred.
- You must be authorized to work in the United States.
- Must be able to sit or stand for continuous periods of time.
- This role frequently communicates and interacts with individuals; strong written and oral communication skills are required.
- Yello reserves the right to assign or reassign the responsibilities and requirements of this job at any time.