Job Summary
The role of Application (software) Security Engineer is an entry-level, hands-on, engineering focused position, responsible for helping to foster a Secure SDLC and ‘secure by design’ approach and practice throughout all our software engineering teams. The role holder must have a good combination of problem-solving and communication skills. She or he will support the Application Security, InfoSec, and Software engineering teams. The main responsibilities carried by this position vary between setting up code security scans, penetration test support, vulnerabilities triage and validation, and knowledge documentation and process review.
Essential Functions/Responsibilities
Configure and fine tune Application Security tests and vulnerability scans.
Partner with Development teams to integrate security testing into their CI/CD pipelines and development processes.
Partner with Senior Application Security engineers on Penetration tests set up and validation
Ensure the processes and procedures of the area are documented and updated
Do research and regularly consult with colleagues
Deliver secure software development training (e.g. OWASP Top10)
Co-work with Security Analysts and other colleagues on software vulnerabilities and security issues: determine scope, severity and potential impact, recommend next steps, follow through with risk treatment and mitigation.
Escalate issues, appropriately, to various teams and levels of authority inside the organization.
Minimum Qualifications
Bachelor’s degree in a relevant business or technical discipline is required.
3+ years of relevant work experience
Demonstrated knowledge of application security concepts, best practices and methods
Experience with various application security tools including SAST, SCA, DAST
Experience with Web Application security testing like Web Pentesting, Fuzzing, Automated test
Even Better If You Have
Experience securing cloud infrastructure and cloud applications.
Working knowledge of web, mobile, API, Microservices, network and security architectures and design patterns.
Demonstrated ability to code in at least one programming language (python, javascript, typescript, go)
Working knowledge of AWS native security tools.
Knowledge of current and emerging security technologies, threats and techniques for exploiting security vulnerabilities.
Experience with methodologies and tools, for threat analysis of systems, such as threat modelling and software fuzzing.
Experience with developer tools and environments, project management and bug tracking systems.
Experience in implementing and integrating security tools into CI/CD.
PowerSchool is committed to a diverse and inclusive workplace. PowerSchool is an equal opportunity employer and does not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status. Our inclusive culture empowers PowerSchoolers to deliver the best results for our customers. We not only celebrate the diversity of our workforce, we celebrate the diverse ways we work. If you have a disability and need an accommodation regarding our recruiting process, please let us know by emailing accommodations@powerschool.com.
#LI-NB1
Software Powered by iCIMS
www.icims.com