Application Security Engineer

02 Jul 2024

Application Security Engineer Job Description

Senior Application Security Engineer - CoStar Group

OVERVIEW

CoStar Group, Inc. (NASDAQ - CSGP) (www.costar.com) is commercial real estate's leading provider of information and analytic services. Founded in 1987, CoStar conducts expansive, ongoing research to produce and maintain the largest and most comprehensive database of commercial real estate information. Our suite of online services enables clients to analyze, interpret and gain unmatched insight on commercial property values, market conditions and current availabilities.

In this role, you will secure software and applications that power the worldwide commercial real estate market. Work with 1,000 software, QA, and operations engineers to secure code in the pipeline and at run time. This is an opportunity to work with an advanced security team that is responsible for securing the data and products behind 35 websites serving 75M global visitors/mo, running on top of multiple private and public clouds. We are looking for a passionate, technical application security engineer to lead key security activities across the software development lifecycle. This position will work with software development teams, devops, and security to drive and shape the way our employees and engineers build, deploy, and operate applications.

This position can be based out of our Washington, DC, San Diego, CA or Richmond, VA, and has the opportunity for hybrid work with up to two days remote per week. Four-day work weeks are also an option for those applicants that are interested.

RESPONSIBILITIES
  • Work with the software and product teams to help ensure applications are designed and implemented securely during the SDLC
  • Develop a repeatable framework to scale application security controls across several applications
  • Manage a variety of application security tools (DAST, SAST, SCA) at enterprise scale
  • Assess web applications and underlying infrastructure for vulnerabilities using both manual and automated techniques
  • Demonstrate risk of detected issues to both technical and non-technical audiences
  • Track remediation efforts
  • Recommend code changes to eliminate vulnerabilities
  • Automate security testing at various stages within the CI/CD pipeline
  • Develop secure coding standards and training across multiple application frameworks and technologies
  • Research emerging threats, vulnerabilities, and attack techniques
  • Serve as an escalation for security operations during incident detection and response
  • Advance the growth and maturity of the application security program
BASIC QUALIFICATIONS:
  • Bachelor's Degree (preferably in a relevant field - Computer Science/Cyber Security)
  • Minimum 5 years total experience in a technical role such as security or software engineer with at least 2 years as a software developer.
Relevant experience areas (experience required in at least 3):
  • Design and implementation of secure application development
  • Experience with penetration testing and common attack vectors
  • Experience with secure application development
  • Experience with defense-in-depth strategies to help mitigate existing risk within applications
  • Software development experience in a common programming language: C# (preferred), Java, C/C++, Python, or Go
  • Scripting/programming skills - Python, PowerShell, GoLang, Perl, JavaScript, .NET, API Integration
  • Security tooling automation in CI/CD pipelines and IDE interfaces including Static Application Security Testing (SAST) and Static Application Analysis (SCA) solutions such as Veracode, CheckMarx, AppScan, X-Ray, Synopsys, or Snyk
  • Dynamic application security testing (DAST) through Metasploit, Burp Suite, OWASP ZAP, Acunetix, etc.
  • Industry relevant professional certifications:
    • ISC-2 CISSP
    • Offensive Security Certified Professional (OSCP)
    • Offensive Security Certified Expert (OSCE)
    • SANS GIAC Penetration Tester (GPEN)
    • SANS GIAC Cloud Penetration Tester (GCPN)
    • SANS GIAC Exploit Researcher and Advanced Penetration Tester (GXPN)
PREFERRED QUALIFICATIONS AND SKILLS
  • In-depth understanding of various assessment tools
  • Knowledge of infrastructure operations across databases, network, and system administration
  • Ability to communicate with different levels of leadership conveying risk and driving urgency for risk remediation.
  • Experience coordinating with application teams to drive security by design principles
  • Ability to mentor and train team members to prioritize security efforts effectively
  • A self-starter who can advance the application security program and follow ideas through to completion.
  • Hands-on experience implementing security tools into CI/CD pipelines.
  • Experience testing serverless cloud deployments
OVERVIEW OF COMPANY:

Founded in 1987, CoStar Group is the leading provider of commercial real estate information, analytics, and online marketplaces. Our suite of online services enables clients to analyze, interpret and gain unmatched insight on commercial property values, market conditions and current availability. Behind some of the most well-known brands in the industry, CoStar Group includes CoStar, the largest provider of CRE research and real-time data; LoopNet, the most heavily trafficked mobile and online real estate marketplace; Apartments.com, the premier rental home resource for renters, property managers and owners; STR, the leading provider of performance benchmarking and comparative analytics to the hotel industry; BizBuySell, the largest online marketplace for businesses-for-sale; and Lands of America, the leading operator of online marketplaces for rural real estate.

Headquartered in Washington, DC, CoStar Group maintains offices throughout the U.S. and in Europe, Canada, and Asia with a staff of over 4,300 worldwide.

WHAT'S IN IT FOR YOU:

Working at CoStar Group means you'll enjoy a culture of collaboration and innovation that attracts the best and brightest across a broad range of disciplines. In addition to generous compensation and performance-based incentives, you'll be supported in both your professional and academic growth with internal training, tuition reimbursement, and an inter-office exchange program.

Our benefits package includes (but is not limited to):
  • Comprehensive healthcare coverage: Medical / Vision / Dental / Prescription Drug
  • Life, legal, and supplementary insurance
  • Commuter and parking benefits
  • 401(K) retirement plan with matching contributions
  • Employee stock purchase plan
  • Paid time off
  • Paid parental leave (up to 12 weeks)
  • Tuition reimbursement
  • On-site fitness center and/or reimbursed fitness center membership costs (location dependent), with yoga studio, Pelotons, personal training, group exercise classes, as well as Segways and bikes available for use during the day
  • Complimentary gourmet coffee, tea, hot chocolate, prepared foods, fresh fruit, and other healthy snacks
Be part of a team of professionals enjoying the opportunity to learn, do, and grow in a rewarding atmosphere. But don't just take our word for it: see why our team chose to work at and stay at CoStar Group: https://www.youtube.com/watch?v=CVbJRnJ2sX0

We welcome all qualified candidates who are currently eligible to work full-time in the United States to apply. However, please note that CoStar is not able to provide visa sponsorship for this position.

CoStar Group is an Equal Employment Opportunity Employer; we maintain a drug-free workplace and perform pre-employment substance abuse testing.