Senior Application Security Engineer

Kaseya
Summary
Join Kaseya, a leading provider of IT infrastructure and security management solutions, as an Application Security Engineer. You will play a key role in ensuring the security of Kaseya's applications by proactively identifying and mitigating vulnerabilities. This involves embedding security into the development lifecycle, working closely with development teams, and implementing security best practices. Responsibilities include performing security assessments and code reviews, implementing security best practices, remediating vulnerabilities, integrating security testing tools, and performing threat modeling. Continuous improvement and collaboration with development teams are also crucial aspects of this role. Kaseya offers a dynamic work environment and opportunities for growth.
Requirements
- Proficiency in Secure Coding Practices: Solid understanding of secure coding standards and best practices in languages such as Java, Python, C#, or JavaScript
- Experience with Vulnerability Assessment Tools: Familiarity with security tools such as SAST, DAST, and IAST (Interactive Application Security Testing), and experience with scanning and interpreting results to fix vulnerabilities
- Deep Knowledge of Web and Application Security: Strong understanding of common web application vulnerabilities (OWASP Top 10), such as SQL injection, cross-site scripting (XSS), and cross-site request forgery (CSRF)
- Experience with Threat Modeling: Knowledge of threat modeling frameworks and methodologies to identify potential security risks and mitigate them during development
- Proven Problem-Solving Skills: Ability to identify security flaws within application code and effectively collaborate with developers to resolve them
- Strong Communication Skills: Ability to clearly document security issues, report findings, and communicate with both technical and non-technical stakeholders
- Bachelor's degree in Computer Science, Cybersecurity, or a related field
- At least one expert-level security certification, such as Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), or Certified Secure Software Lifecycle Professional (CSSLP)
- 2+ years of experience in an application security engineering role, focusing on secure coding, vulnerability assessment, and secure development practices
- 5+ years of experience in IT, with significant hands-on experience in software development and application security
Responsibilities
- Perform Security Assessments and Code Reviews: Conduct thorough security assessments, focusing on identifying and mitigating vulnerabilities in application code. Perform secure code reviews to ensure that applications are secure by design
- Implement Security Best Practices: Develop, implement, and enforce security guidelines for developers to follow. Ensure that secure coding practices are followed throughout the software development lifecycle (SDLC)
- Vulnerability Remediation: Work with development teams to address and resolve identified security vulnerabilities, ensuring they are fixed efficiently and properly tested
- Security Testing Integration: Integrate security testing tools (e.g., Static Application Security Testing - SAST, Dynamic Application Security Testing - DAST) into the development pipeline to identify vulnerabilities early in the development process
- Threat Modeling: Work with developers to perform threat modeling, identifying potential security risks in the architecture and design of applications
- Continuous Improvement: Continuously research and apply new security techniques, tools, and methodologies to enhance the organization's application security posture
- Collaboration with Development Teams: Collaborate directly with development teams to ensure that security is integrated into every phase of application development, from design to deployment
Preferred Qualifications
- Familiarity with Security Frameworks and Libraries: Experience working with security libraries and frameworks (e.g., Spring Security, OWASP Dependency-Check, etc.) to enhance application security
- Understanding of Security Automation: Experience in automating security testing within the CI/CD pipeline to ensure continuous security verification during development
- Cloud Security Knowledge: Experience securing cloud-native applications and familiarity with cloud security platforms (e.g., AWS, Azure, Google Cloud)
- Additional certifications or coursework in application security or advanced threat modeling would be a plus
- 10+ years of experience in IT, with an extensive focus on application security
- Experience with DevSecOps practices and embedding security within Agile and DevOps environments