Application Security Engineer

Duties:
API Security responsibilities:
Defines specifications and develop code and utilities, modifies existing programs, prepares test data, and prepares functional specifications.
Establishes, participates, and maintains relationships with customers and subject matter experts to remain apprised of direction, architectural and technology trends, risks, and functional/integration issues.
Analyzes, designs, develops, codes and implements programs in one or more programming languages, for Web and Rich Internet Applications. Create various automated security integration solutions.
Work with the API Management platforms to develop APIs, Products, Plans, etc. and test them.
Develop UI and API functionality in languages including, but not limited to JavaScript, TypeScript and python.
Work with application development personnel and other technical team members to review existing and/or new APIs/web services in support of quality implementations that align with Security policies, procedures, and generally-accepted best practices.
Work closely with DevOps and cloud infrastructure architects and engineers to design, implement and manage secure, scalable, and reliable cloud infrastructure environments
Participates as a technology advisor to collaborate with Agile squads to deliver business benefits with effective and efficient use of technology Platform(s)
Ensures teams are validating for OWASP and performing industry leading application security practices.
Performs application program interface security assessments and remediation activities as part of the API security program.
Leverages the enterprise SSDLC processes and toolset.

Skills:
Bachelor s degree in Computer Science, Computer Engineering, Technology, Information Systems (CIS/MIS), Engineering or related technical discipline, or equivalent experience/training
2 years of experience working as a frontend or backend software developer
API: Experience with HashiCorp Vault APIs, Cloud APIs and API gateway
Experience as a developer on a team consisting of five or more software developers
Ability to conduct independent research
Broad understanding of web service implementation paradigms (REST, SOAP)
Basic understanding of Cryptography concepts: hashing, signing, symmetric/asymmetric encryption and decryption
Basic understanding microservice application architecture, software cohesion and software coupling
Comfortable learning new programming languages as needed to conduct code reviews
Comfortable with the following tools and technologies: Git, SoapUI, Jenkins, Artifactory, SonarQube, Find Bugs, Docker Experience with deploying and configuring API scanning tools
Experience in Identity and access management concepts and technical specifications
Experience creating continuous integration pipelines (Cloud bees, Jenkins, Buddy, Urban Code, etc.)
Experience using integrated development environments (e.g. Visual Studio, Visual Studio Code, Eclipse)
Experience with Azure Resource Manager (ARM) and scripting tools, including PowerShell, Azure CLI, JavaScript, Shell scripts, Python, or similar languages.
Experience developing solutions that combine data from APIs, endpoints, and databases
Outstanding communication, analytical skills and ability to function in a globally diverse work environment
Experience working within an agile team (Scrum, Rally, etc.)
Familiarity with OWASP and the San s Top 25

Education and Experience:

Bachelor s degree in Computer Science or related field or equivalent experience/certification
API security 1 year
2 years working as a Security Engineer
1-year experience developing automation solutions in Python, Java or PowerShell
Ability to analyze complex problems and implement solutions and/or workarounds
Familiarity with NIST Special Publications (e.g. 800-171,800-53, CSF)