Staff Application Security Engineer
New York, NY

Job Description

Our client is looking for a Staff Application Security Engineer who will work with engineering and product teams to secure their customer applications. As a Staff Application Security Engineer, you will have a part in every aspect of the development lifecycle and work closely with development teams to understand the security posture of the features being developed. You should love tackling difficult problems and be excited to learn new things quickly and independently. It's crucial that you're an effective communicator, as you'll collaborate frequently with different engineering teams to identify and address security issues. You should have a "breaker" mentality, but be effective at designing the mitigating controls.

What you'll work on

* Partner with development teams to understand the security posture of the features being developed and identify and address security issues
* Attend daily stand ups to ensure that product features have security "built in"
* Work with the Ops and DevSecOps teams to make sure that product features are securely deployed
* Address the application layer security issues as incidents occur

What you'll bring.

* 7+ years of application security experience including source code auditing, penetration testing, product assessments, vulnerability research, reverse engineering, etc
* Strong familiarity with Python and JavaScript web app development frameworks
* Proven ability to find vulnerabilities beyond the OWASP Top 10.
* Familiar with vulnerability management and penetration testing tools: Burp, ZAP, Kali Linux, or Metasploit
* Excellent communication skills: demonstrated ability to explain complex technical issues to lay audiences
* Strong analytical, organizational, and technical writing skills
* Strong working knowledge of applied cryptography

Preferred Experience

* Experience using security monitoring technologies e.g. Splunk, CloudWatch and CloudTrail events
* Experience deploying using CI/CD pipelines to AWS e.g. Jenkins or AWS CodePipeline
* Experience working in a regulated environment such as PCI or SO

Andiamo is an Equal Opportunity Employer

Andiamo provides equal employment opportunities to all employees and applicants for employment without regard to race, color, religion, sex, national origin, age, disability or genetics. In addition to federal law requirements, Andiamo complies with applicable state and local laws governing nondiscrimination in employment in every location in which the company has facilities. This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training.

All qualified candidates are encouraged to apply by submitting their resume as an MS word document including a cover letter with a summary of relevant qualifications, highlighting clearly any special or relevant experience.