Vacancy expired!
Application Security Engineer Job Description
Senior Application Security Engineer - CoStar Group

OVERVIEW

CoStar Group, Inc. (NASDAQ - CSGP) (www.costar.com) is commercial real estate's leading provider of information and analytic services. Founded in 1987, CoStar conducts expansive, ongoing research to produce and maintain the largest and most comprehensive database of commercial real estate information. Our suite of online services enables clients to analyze, interpret and gain unmatched insight on commercial property values, market conditions and current availabilities.

In this role, you will secure software and applications that power the worldwide commercial real estate market. Work with 1,000 software, QA, and operations engineers to secure code in the pipeline and at run time. This is an opportunity to work with an advanced security team that is responsible for securing the data and products behind 35 websites serving 75M global visitors/mo, running on top of multiple private and public clouds. We are looking for a passionate, technical application security engineer to lead key security activities across the software development lifecycle. This position will work with software development teams, devops, and security to drive and shape the way our employees and engineers build, deploy, and operate applications.

This position can be based out of our Washington, DC, San Diego, CA or Richmond, VA, and has the opportunity for hybrid work with up to two days remote per week. Four-day work weeks are also an option for those applicants who are interested.

RESPONSIBILITIES

- Work with the software and product teams to help ensure applications are designed and implemented securely during the SDLC
- Develop a repeatable framework to scale application security controls across several applications
- Manage a variety of application security tools (DAST, SAST, SCA) at enterprise scale
- Assess web applications and underlying infrastructure for vulnerabilities using both manual and automated techniques
- Demonstrate risk of detected issues to both technical and non-technical audiences
- Track remediation efforts
- Recommend code changes to eliminate vulnerabilities
- Automate security testing at various stages within the CI/CD pipeline
- Develop secure coding standards and training across multiple application frameworks and technologies
- Research emerging threats, vulnerabilities, and attack techniques
- Serve as an escalation for security operations during incident detection and response
- Advance the growth and maturity of the application security program
QUALIFICATIONS

- Bachelor's Degree (preferably in a relevant field - Computer Science/Cyber Security)
- Minimum 5 years total experience in a technical role such as security or software engineer with at least 2 years as a software developer.
- Design and implementation of secure application development
- Experience with penetration testing and common attack vectors
- Experience with secure application development
- Experience with defense-in-depth strategies to help mitigate existing risk within applications
- Software development experience in a common programming language: C# (preferred), Java, C/C++, Python, or Go
- Scripting/programming skills - Python, PowerShell, GoLang, Perl, JavaScript, .NET, API Integration
- Security tooling automation in CI/CD pipelines and IDE interfaces, including Static Application Security Testing (SAST) and Software Composition Analysis (SCA) solutions such as Veracode, CheckMarx, AppScan, X-Ray, Synopsys, or Snyk
- Dynamic application security testing (DAST) through Metasploit, Burpsuite, OWASP ZAP, Acunetix, etc.
- Industry relevant professional certifications:
- ISC-2 CISSP
- Offensive Security Certified Professional (OSCP)
- Offensive Security Certified Expert (OSCE)
- SANS GIAC Penetration Tester (GPEN)
- SANS GIAC Cloud Penetration Tester (GCPN)
- SANS GIAC Exploit Researcher and Advanced Penetration Tester (GXPN)
- In-depth understanding of various assessment tools
- Knowledge of infrastructure operations across databases, network, and system administration
- Ability to communicate with different levels of leadership conveying risk and driving urgency for risk remediation.
- Experience coordinating with application teams to drive security by design principles
- Ability to mentor and train team members to prioritize security efforts effectively
- A self-starter who can advance the application security program and follow ideas through to completion.
- Hands-on experience implementing security tools into CI/CD pipelines.
- Experience testing serverless cloud deployments
BENEFITS

- Comprehensive healthcare coverage: Medical / Vision / Dental / Prescription Drug
- Life, legal, and supplementary insurance
- Commuter and parking benefits
- 401(K) retirement plan with matching contributions
- Employee stock purchase plan
- Paid time off
- Paid parental leave (up to 12 weeks)
- Tuition reimbursement
- On-site fitness center and/or reimbursed fitness center membership costs (location dependent), with yoga studio, Pelotons, personal training, group exercise classes, as well as Segways and bikes available for use during the day
- Complimentary gourmet coffee, tea, hot chocolate, prepared foods, fresh fruit, and other healthy snacks
- ID: #43775221
- State: District of Columbia Washington 20001 Washington USA
- City: Washington
- Salary: USD TBD TBD
- Job type: Permanent
- Showed: 2022-07-02
- Deadline: 2022-08-30
- Category: Et cetera