Full-Time Application Security Engineer

As an Application Security Engineer, you will support the implementation of G-P’s established application security program. You will assess the company's web technologies using enterprise-grade tools and coordinate remediation efforts with engineering teams.

Key Responsibilities:

• Participate in threat modeling exercises with engineering team members
• Triage SCA/SAST/DAST/CSPM findings by eliminating false positives and providing well-vetted vulnerabilities to engineering teams
• Support vulnerability management efforts for networks and infrastructure
• Partner with engineering teams ensuring timely remediation of security findings
• Perform security assessments, reviews, and internal penetration tests
• Support application security programs and security team initiatives
• Develop scripts and tools to automate repetitive security tasks, such as log analysis, patch management, and incident detection
• Build custom solutions to integrate security tools with existing systems using languages like Python, JavaScript, or Go

What We Are Looking For:

Education: BS (or higher) in Computer Science or related field, or equivalent work experience.

Experience: 3+ years of experience in application security with any combination of the following: threat modeling experience, secure design reviews, code reviews, pen-testing

Skills: Excellent communication skills and business acumen, Proficiency in coding/scripting languages (e.g., Python, Go etc.), Web application penetration testing experience (CTFs, Bug Bounty, etc), Amazon Web Services (AWS) security and engineering knowledge and/or experience, Experience with developing or testing web application technologies

Nice to have: security certifications (OSCP, OSWP, eCPPT, eWPT, Security+), Experience with Linux, Docker, Terraform, and programming against REST APIs

What is the last date for applying to the job?

Which countries are accepted for this remote job?