Security Engineer - Application Security

Job Description

Fragomen is seeking a Security Engineer – Application Security to join our talented Cyber Security team in our Technology Innovation Lab in Pittsburgh. 

Our industry-leading, immigration specific software and supporting infrastructure is undergoing tremendous transformation and security is on the critical path to success in that endeavor. A professional, who is passionate about security, capable of effecting change, and ready to build a strong AppSec program, is what we seek. You will be joining a small team of Security Engineers who make security a distinguishing factor in our technological offerings.  A successful candidate will help engineer solutions to secure software development, identify threats and mitigate vulnerabilities throughout our environment.

What an Application Security Engineer does at Fragomen:

• Build, deploy and maintain tooling to validate and track security controls in and around our code
• Work closely with application development and infrastructure architectural teams to create code which is secure by design and default
• Triage programmatic source code findings and automate penetration testing to decrease potential introduction of vulnerabilities
• Lead and collaborate with developers on secure coding techniques and threat modeling
• Contribute to vulnerability detection and remediation of technological offerings
• Deploy developed or OTS security applications to support our efforts
• Participate in a cross-functional response to cyber security incidents
• Work closely the security team to establish prevention, detection and mitigation techniques
• Support the scoping and rules of engagement of our penetration testing regime

Let’s talk if you have the following experience, knowledge, skills and education:

• A passionate team player who builds knowledge and solves complex problems
• 5+ years of web application development (.net, python, java, etc.)
• Secure SDLC (Software Development Life Cycle), DAST (Dynamic Application Security Testing), and SAST (Static Application Security Testing) experience
• Demonstrated understanding of web application penetration testing, secure coding and source code analysis
• Strong, professional communication skills that maintain under pressure

These things are great, but not required:

• Experience in developing highly automated detection and triage tools
• Deep understanding of cyber security techniques
• Technical certification demonstrating technical prowess in secure software development e.g. Certified Secure Software Lifecycle Professional (CSSLP), or Certified Application Security Engineer (CASE) or similar
• BA degree in a related field or a combination of related experience is a must

All offers and/or employment contracts are contingent upon the successful completion of the Firm’s pre-employment screening process. This process may include verifying the candidate’s identity, confirming legal authorization to work in the offered position's location, and conducting a comprehensive background check, where permitted by local regulations.