Appsec Engineer

Qualifications:

• Possesses a deep understanding of web application security principles.
• Familiarity with OWASP Top 10 vulnerabilities and experience addressing them.
• Proficient in reading and comprehending code in various programming languages.
• Experience not only executing DAST/SAST scans but also capable of triaging and assisting development teams in resolving issues.
• Proficiency in penetration testing and familiarity with tools like BurpSuite.

Bonus Skills:

• Familiarity with cloud computing platforms.
• Experience with IAST.
• Background in software development preferably in Java transitioning into security roles.

Required Skills:

1. Strong expertise in Application Security (AppSec) including:
   • Manual source code review.
   • Analyzing DAST/SAST scan results particularly with tools like AppScan Netsparker and Checkmarx.
   • Application penetration testing ideally utilizing BurpSuite.
2. Ability to comprehend code effectively.
3. Thorough understanding of Web Application and Web Service architectures along with associated protocols.
4. Demonstrated commitment to a career in Security through relevant roles and credentials.

Highly Desirable Skills:

1. Solid understanding of Java and proficiency in Core Java with familiarity in frameworks such as Spring and Hibernate.
2. Proficiency in Python with development experience.
3. Experience with Capture the Flag (CTF) or red team exercises.
4. Knowledge and experience with Web Application Firewalls (WAF).
5. AWS development skills or strong understanding of AWS Security.
6. Relevant credentials such as Masters in Cybersecurity OSCP CEH CCSP AWS Certified Solutions Architect or AWS Certified Security Specialty (Associate or Professional).

OWASP,Pen testing,AppSec,DAST/SAST,BurpSuite,Checkmarx,Netsparker,AppScan