Desired Skills and Experience

  • Ensuring that API and cloud services comply with SOC 2, ISO 27001 and Client Security Policies.
  • Developing, implementing and monitoring enterprise information security architectures and solutions.
  • Assessment automation through penetration testing and ethical hacking, and analyzing risks post-assessment.
  • Development of Ansible playbooks to ensure web application security.
  • Collaborate with QA to establish and ensure security awareness throughout the software development lifecycle.
  • Source code review work for application design and architecture.
  • Security, logging, auditing and support for all applications hosted in the Client environment.
  • Assessment of security tools, vendors and solutions to support information security initiatives.
  • Deliver training for security within development lifecycles and coding practices.
  • Internal penetration testing and assessments for vulnerabilities.
  • Maintain and support application security tools, including static and dynamic security analysis solutions, and develop related documentation.
  • 7+ years of experience within Information Security for application development.
  • Holder of CISSP, GIAC, CSSLP or CEH preferred.
  • Development, deployment and automation of application security solutions within enterprise cloud environments.
  • Knowledgeable in DevOps practices and security for CI/CD preferred.
  • Knowledgeable in Microsoft Azure architecture and services
  • Strong understanding of OWASP Top 10 and CWE/SANS Top 25
  • Proficiency in ethical hacking and white-hat penetration testing
  • Technical security control environments and compliance including CSA CCM, ISO 27001 and SOC 2
  • Burp Suite, Metasploit and Kali Linux proficiency preferred
  • Web Application architecture, API development and MVS Framework proficiency required
  • Experience investigating security related to web application exploits, credential stealing and authentication-based exploits
  • Programming proficiency in JavaScript, HTML, PHP or Python, with preferred additional knowledge of Java, C++ or C
  • Scripting through PowerShell, Python, Perl, etc. preferred
  • Knowledge of threat models for large, distributed systems and cloud-based SaaS infrastructure