Sr. Application Security Engineer

Overview

As someone experienced with securing a wide variety of applications you are looking for an opportunity to use your skills in an innovative and technology-oriented environment. As an Application Security Engineer at Esri you will fill a critical role in helping secure Esris intellectual property and sensitive data against a variety of complex threats with support from all levels of leadership. Our Application Security team collaborates closely with the application development DevSecOps and information security departments to design security into our applications up front perform application layer security testing and assist developers with vulnerability remediation. We value collaboration pragmatic security and continuous improvement. We welcome you to join Esri where you can make a real difference every day!

Responsibilities

• Design operate and continuously improve application security testing capabilities and pipelines
• Assess application risks and recommend mitigations
• Perform application layer security reviews of the code developed by our application teams across multiple languages and frameworks used internally
• Assist with application layer penetration testing to identify potential issues
• Provide application security guidance and mentorship to development teams as needed

Requirements

• 5 years of experience in application security including manual and automated code reviews manual penetration testing dynamic application security testing and false positive analysis of code pen test and open-source security findings
• Demonstrated experience determining risk based on analysis/findings using a consistent risk management framework
• Proven ability to develop automations/applications using Python Typescript Java or PowerShell
• Experience creating and maintaining reusable GitHub Actions workflows with expertise in all aspects of GitHub workflow management
• Hands-on experience working in a DevSecOps environment built on Kubernetes with a strong knowledge of Kubernetes security best practices
• Ability to read and analyze code for security and design vulnerabilities
• Solid understanding of common web application security standards (HTTP OAuth OIDC REST and more)
• Experience working with cloud platforms specifically AWS and Azure
• Willingness to learn new skills and enhance workflows using various AI tools
• US citizenship and willingness and ability to maintain a US Security Clearance
• Bachelors degree in computer science or related field

Recommended Qualifications

• Proficiency in any of the following languages: C# Python Bash/Shell PowerShell JavaScript SQL Java
• Familiarity with AI-assisted coding practices including tools such as GitHub Copilot and an understanding of the security implications and risks introduced by AI-generated code
• Practical experience interpreting findings from application pen testing code scanning and open-source scanners to determine the risk and collaborate with developers to resolve them
• Understanding of layer 2-7 communication protocols common encoding and encryption schemes and algorithms

#LI-TM1

#LI-onsite