Application Security Engineer

Position: Application Security Engineer
We’re looking for an application security engineer to be the next member of our security team. You are an expert in secure coding practices, secure SaaS operation and you can clearly communicate this expertise to application developers and technical managers. You’re comfortable writing production code and your passion is ensuring the highest levels of security in application development and operations. You can easily identify insecure design patterns and coach engineers to the highest security standards. You’ll strive to advocate and teach security and security best practices to engineers. Every day. You will develop tooling and train engineers throughout the SDLC to ensure security is consistently prioritized.

What you’ll be doing...
  • Ensure our applications are aligned with security requirements and designs
  • Pro-actively support the Engineering and Product Teams to help them understand security requirements and best practices
  • Ensure the Security Development Lifecycle parallels the Software Development Lifecycle
  • Assist and train Engineering in secure coding as they develop or modify their application code
  • Enhancing our current automated CI/CD pipeline testing
  • Conduct application risk assessments and audits using tools, technologies and methods
  • Performs application vulnerability testing for weaknesses and recommend corrections or remediate
  • Administer security tools such as baseline and attack surface analyzers, health checks, etc.
  • Runs internal red team exercises with other team members

We’re looking for…
  • Bachelor's Degree in Computer Science or Cryptography, a relevant field of engineering, or a closely related field.
  • 5+ years of professional experience in an application security engineering role
  • Production facing web application development experience, ideally in Go and / or Node
  • Solid understanding of software design principles and secure web application design
  • Comprehensive understanding of secure coding practices with experience training in these , such as SQL Injection and Cross Site Scripting
  • Knowledge of OWASP top 10 in the context of Web Applications development
  • Understands web application security, threat modeling, application identity management and cryptography
  • Experience using SAST, DAST and penetration testing tools
  • Knowledge of database security is a plus
  • Experience using AWS and its associated cloud-based tools is important
  • Desire to advance and push the boundaries of application security
  • CSSLP, CISSP, OSCP, CEH, or other industry InfoSec certification(s) a plus
  • Knowledgeable in security frameworks and best practices a plus (ISO 27001, SOC 2, NIST, HIPAA, etc.)

Where you’ll be working:
Our new office in downtown Denver, walking distance from Union Station and the Convention Center.
Application Security Engineer
Department: Engineering
Location: Denver
Apply Now