Description
Application Security Engineer
Job Summary
My client is urgently looking for a Application Security Engineer to join their team in Sweden with immediate start. In order to proceed with this position you must be willing to relocate to Sweden as there is no remote working opportunity initially.
The DevOps team works to embed security seamlessly into the development life cycle of technology systems and services. We are looking for an Application Security Engineer who can enable development teams to deliver secure-by-design applications by providing cybersecurity expertise and guidance throughout the system development life cycle. As an Application Security Engineer, you will integrate tools and analyze the security of Ikano data, systems, and applications. This position will provide you with a challenging opportunity to learn and grow.
The Client is moving very quickly on this role so will be a great opportunity to get yourself into employment fast. Please see the below requirements for this position. be an early applicant and secure yourself an interview this week!
Responsibilities
Partner with Application Development, DevOps, Quality Engineering, Quality Assurance, and Infrastructure teams to support a continuous "Secure by Design" model to integrate into the full Software Development life cycle.
Discover opportunities to drive integration& automation of application& cloud security controls into CI/CD pipelines.
Lead vulnerability management for application and AWS cloud security and provide remediation support and security expertise.
Track and report security vulnerabilities and remediation activities to Ikano Security
Design threat models to assess security risks with new applications or features.
Perform application security reviews, verify cloud security configuration, and assess for secure code development.
Communicate technical application security concepts and recommendations to developers, architects, and functional leaders.
Promote secure coding practices within the software development teams.
Continually research and maintain awareness of current vulnerabilities, exploits, and application related cyber threats.
Provide support, maintenance & policy creation, for SAST, DAST, SCA, Container Security & WAF solutions.
Requirements
Minimum 5 years of direct experience in application security, software development security, and/or application penetration testing.
Application or security certifications preferred (eg, CISSP, CCSP, CSSLP, OSCP, GWEB, CEH, etc.)
Experience working with fast moving Agile development teams
Experience in Cloud security including AWS.
Developing, integrating, and enabling security engineering test automation into a CI/CD pipeline.
Good knowledge or Development experience with Java, JavaScript, NodeJs, Angular, REST API a must.
Experience with any of the application security tools as SonarQube, OWASP Dependency Track, OWASP Dependency Check, Portswigger BurpSuite.
Experience with security in containerized infrastructure (Docker, Kubernetes, EKS)
Hands-on on container security tools like Anchor, Docker Bench, Kube Bench
Know and recognize application security issues such as cross-site Scripting, cross-site request forgery, authorization, injection attacks, etc. in code and provide remediation recommendations.
Subject matter expert of OWASP or SANS.
Empiric is one of the fastest-growing technology and transformation recruitment agency's specialising in data, digital, cloud and security. We supply technology and change recruitment services to businesses looking for both contract and permanent professionals. We are committed to delivering more female candidates and those from minority backgrounds and be instrumental in changing the gender and diversity imbalance within the tech sector.