
Application Security Engineer 🔥


My client is a Boston-based digital health company focused on transforming brain health for people across the world. By advancing how we detect and address cognitive and brain disorders – leveraging cutting-edge neuroscience, clinical expertise, and artificial intelligence – our goal is to enable a future where people can live longer, happier, and healthier lives with better brain health.

We are a team of 95+ (and growing!), embarking on an exciting period of accelerated growth. We invite collaborative, self-driven and impact-oriented professionals to join our dynamic and fast-growing team.

Please note that in order to be considered for the role, you must be located in the US or Canada. Unfortunately, due to the job requirements, we are not able to consider anyone currently located in CO at the moment. We are also not able to provide sponsorship at this time.

#BI-Remote

What You’ll Do:

  • Conduct regular security assessments of our apps and architecture through penetration tests, vulnerability scans, threat modeling, and manual inspection.
  • Provide security guidance on web and mobile applications backed by a GraphQL microservices architecture hosted in AWS.
  • Analyze, assess, and respond to discovered vulnerabilities.
  • Review automated code analysis results and perform manual code reviews to identify critical security areas to focus on.
  • Provide advice and consultancy to developers to resolve security findings and drive security compliance.
  • Establish policies and procedures for ensuring code security including testing frameworks integrated into CI/CD pipelines.
  • Drive internal security and privacy initiatives including documenting and communicating policies for compliance.
  • Participate in SOC2, regulatory, and other compliance audits.

About You

Must Haves:

  • B.S. in Computer Science or equivalent software engineering experience, especially familiarity with secure architecture and programming for TypeScript, JavaScript, Node.js, and mobile native (iOS or Android) applications.
  • Effective understanding of security industry best practices such as protocols, cryptography, authentication, authorization, and secure application programming.
  • Experience with implementing a successful and effective secure SDLC program with a high level of automation covering Application Security (web and mobile applications), Cloud Security, and Risk and Compliance.
  • Experience with code scanning procedures such as SCA, SAST, DAST, and related frameworks/tools such as OWASP, Veracode or Black Duck.
  • Experience securing AWS infrastructure using tools like Audit Manager, Inspector, CloudTrail, and IAM for regulations such as HIPAA, SOX, GDPR, PCI, and global security mandates.
  • Familiarity with security considerations and configurations for production apps including isolating and securing environments using network configurations, IAM roles, security groups, bastion hosts or Amazon WorkSpaces, and firewall setups.

Nice to Haves:

  • Experience using pen testing tools (Kali Linux, Burp Suite, Nmap, Metasploit, etc.).
  • Experience using and applying security policies for Terraform (IaC) code controlling production infrastructure.
  • Experience training developers in various aspects of security to include secure coding, security requirements, static/dynamic security tools, etc.

Job Type: Full-time

Pay: $160,000.00 - $170,000.00 per year

Benefits:

  • 401(k)
  • Dental insurance
  • Health insurance
  • Paid time off
  • Vision insurance

Schedule:

  • Monday to Friday

Work Location: Remote
