Job Summary:
Esri is a technology-oriented company that focuses on creating positive global change through GIS technology. They are seeking a Sr. Application Security Engineer to enhance the security of their applications, collaborating with various teams to design security measures, perform testing, and provide guidance to developers.
Responsibilities:
• Design, operate, and continuously improve application security testing capabilities and pipelines
• Assess application risks and recommend mitigations
• Perform application layer security reviews of the code developed by our application teams, across multiple languages and frameworks used internally
• Assist with application layer penetration testing to identify potential issues
• Provide application security guidance and mentorship to development teams as needed
Qualifications:
Required:
• 5+ years of experience in application security, including manual and automated code reviews, manual penetration testing, dynamic application security testing, and false positive analysis of code, pen test, and open-source security findings
• Demonstrated experience determining risk based on analysis/findings using a consistent risk management framework
• Proven ability to develop automations/applications using Python, Typescript, Java, or PowerShell
• Experience creating and maintaining reusable GitHub Actions workflows, with expertise in all aspects of GitHub workflow management
• Hands-on experience working in a DevSecOps environment built on Kubernetes with a strong knowledge of Kubernetes security best practices
• Ability to read and analyze code for security and design vulnerabilities
• Solid understanding of common web application security standards (HTTP, OAuth, OIDC, REST, and more)
• Experience working with cloud platforms, specifically AWS and Azure
• Willingness to learn new skills and enhance workflows using various AI tools
• US citizenship and willingness and ability to maintain a US Security Clearance
• Bachelor’s degree in computer science or related field
Preferred:
• Proficiency in any of the following languages: C#, Python, Bash/Shell, PowerShell, JavaScript, SQL, Java
• Familiarity with AI-assisted coding practices, including tools such as GitHub Copilot, and an understanding of the security implications and risks introduced by AI-generated code
• Practical experience interpreting findings from application pen testing, code scanning and open-source scanners to determine the risk and collaborate with developers to resolve them
• Understanding of layer 2-7 communication protocols, common encoding and encryption schemes, and algorithms
Company:
Esri is a software company that devolops geographic information system software, location intelligence, and mapping. Founded in 1969, the company is headquartered in Redlands, USA, with a team of 5001-10000 employees. The company is currently Late Stage.