Application Security Engineer

TQL
Charlotte, United States of America
5 days ago

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Experience level
Intermediate

Job location

Charlotte, United States of America

Tech stack

Kubernetes Security
Java
JavaScript
Amazon Web Services (AWS)
User Authentication
Azure
Burp Suite
C Sharp (Programming Language)
Encodings
Computer Security
Python
OAuth
OpenID
Open Web Application Security
JSON Web Token
Security Assertion Markup Language (SAML)
Secure Coding
Software Engineering
TypeScript
Web Applications
Cloud Platform System
Sonatype
Software Security
Veracode
Checkmarx
Devsecops

Job description

As an Application Security Engineer at TQL, you'll help design, implement and maintain security controls across the software development lifecycle. You'll partner closely with engineering and product teams to ensure applications are secure by design, vulnerabilities are identified early and remediation efforts are driven without slowing development.

This role is ideal for someone passionate about secure coding, threat modeling and embedding security into modern CI/CD pipelines while enabling teams to move fast and safely., * Embed security practices throughout the software development lifecycle from design through deployment

  • Perform application security testing including static, dynamic and dependency analysis
  • Partner with engineering teams to triage, prioritize and remediate application vulnerabilities
  • Conduct threat modeling and security architecture reviews for new and existing applications
  • Develop and maintain secure coding standards and security guidelines
  • Integrate application security tools into CI/CD pipelines
  • Support incident response efforts related to application-level vulnerabilities
  • Stay current on emerging threats, vulnerabilities and security best practices
  • Provide security guidance, training and mentorship to developers

Requirements

  • 3+ years of experience in application security or software engineering
  • A strong understanding of web application architectures and common vulnerabilities such as the OWASP Top 10
  • Experience securing applications written in languages such as Java, C#, Python or JavaScript/TypeScript
  • Hands-on experience with application security testing tools such as Snyk, Veracode, Checkmarx, Burp Suite or OWASP ZAP
  • Strong understanding of authentication and authorization mechanisms including OAuth, OIDC, JWT and SAML
  • Familiarity with cloud environments such as AWS, Azure or GCP
  • Ability to clearly communicate security risks and remediation guidance to both technical and non-technical audiences
  • Experience with DevSecOps practices is a plus
  • Experience with container or Kubernetes security is a plus
  • Security certifications such as OSCP or CEH are a plus

Benefits & conditions

Tuition reimbursement, Health insurance, 401(k) matching, Employee discount, Vision insurance, Dental insurance, Opportunities for advancement, * Competitive compensation

  • Opportunities to influence security practices across modern applications
  • Exposure to cloud-native and DevSecOps environments
  • Advancement opportunities with aggressive and structure career paths
  • Comprehensive benefits package
  • Health, dental and vision coverage
  • 401(k) with company match
  • Perks including employee discounts, financial wellness planning, tuition reimbursement and more
  • Certified Great Place to Work and voted a 2019-2026 Computerworld Best Places to Work in IT

Apply for this position