Senior Application Security Engineer

Date Posted: Dec. 6, 2022, 5:36 a.m.

Cellulant Corporation Kenya

Job Description

JOB DESCRIPTION: 

Application Security Engineers work closely with cross-functional teams to ensure that Cellulant’s products are secure. As an application security engineer, you will be required to define security controls and design requirements during the product development and software build stage of the software lifecycle. You will also be required to lead the review of these controls into the software before deployment into production systems.

In this position, you are a passionate and talented application security engineer with a very deep understanding of out-of-the-box business logic vulnerabilities, OWASP, CWE 25, API Security, Mobile App Security, Data Protection, and best practices design and threat modeling skills who can work in a dynamic environment. You must be agile to produce secure code in short time frames and be willing to go beyond the standard routine.

CORE RESPONSIBILITIES:

The role holder would be responsible for the following: 

  • Identifying new or evolving business logic issues in a range of applications and creating complementary remediation plans
  • Performing security-focused code reviews including for static, dynamic and runtime issue
  • Supporting and consulting with product, development and operations teams in  area of application security, including threat modeling
  • Assisting engineering teams in reproducing, triaging, and addressing application security vulnerabilities.
  • Assisting in the development of security processes and automated tooling that prevent classes of security issues.
  • Leading both critical and regular security releases.
  • Leading the development of automated security testing to validate that secure coding best practices are being used.
  • Guiding and advising product development teams as a SME in the area of application security.
  • Developing secure application development training and socializing the material with internal product and engineering teams.
  • Participating and assisting in initiatives to holistically improve the quality and security across our product spectrum

QUALIFICATIONS & EXPERIENCE:

Qualification:

  • More than 5 Years of Experience in Application Security, SSDLC and Threat Modeling with an MS/BS degree in Information System Management / Computer Science / Information Security or a related technical discipline with at least 3 years of Software Development experience
  • MUST have a deep understanding of OWASP Top 10 (Web, Mobile and API) and CWE 25; with a proven track record and experience in implementing and strategies 
  • MUST be able to identify out-of-the-box business logic vulnerabilities/issues and swiftly design remediation strategies
  • Well-versed in application design, penetration testing, application risk assessment and risk categorization
  • Above average understanding of Open APIs and the best practices for securing them
  •  Experience in managing application security testing tools like SAST, DAST, RASP and Open Source Vulnerability Scanning
  • Solid problem-solving and analytical skills; able to quickly digest any issue/problem encountered and recommend an appropriate solution.
  • Able to work well with cross-functional teams.
  • Experience identifying security issues through code reviews.
  • Excellent and professional communication skills (written and verbal) with an ability to articulate complex topics in a clear and concise manner.
  • Familiarity with common security libraries and tools (e.g. static analysis tools, proxying / penetration testing tools).
  • Familiarity and ability to explain common security flaws and ways to address them (e.g. OWASP Top 10 and business logic vulnerabilities).
  • Good development or scripting experience and skills. Java, SpringBoot, JavaScript, and/or python are preferred.
  • A basic understanding of network and web-related protocols (such as TCP/IP, UDP, HTTP, HTTPS, protocols).
  • CI/CD (Continuous Integration - Continuous Development) – Circle CI, Jenkins, GitHub
  • Must be a self-starter, able to work under pressure and with limited supervision both individually and with other team members
  •  Must be able to put together basic reports for all security tests conducted

Must have experience:

  • Must be a self-starter, able to work under pressure and with limited supervision both individually and with other team members
  • Must be able to put together basic reports for all security tests conducted
  • MUST have a deep understanding of OWASP Top 10 (Web, Mobile and API) and CWE 25; with a proven track record and experience in implementing and integrating remediation strategies
  • MUST be able to identify out-of-the-box business logic vulnerabilities/issues and swiftly design remediation strategies

How To Apply

Apply for this Job Now

Related Jobs

Safaricom Kenya

Data Analytics Engineer

Safaricom Kenya careers, Safaricom Kenya salaries. 2023 Job vacancies at Safaricom Kenya for Data Analytics Engineer in Kenya. Apply today.

software engineering Nairobi, Kenya Feb/02/2023
International Rescue Committee

Salesforce Developer & Administrator

International Rescue Committee careers, International Rescue Committee salaries. 2023 Job vacancies at International Rescue Committee for Salesforce Developer & Administrator in Kenya. Apply today.

software engineering Nairobi, Kenya Jan/26/2023
Nation Media Group

UI/UX Designer & Developer

Nation Media Group careers, Nation Media Group salaries. 2023 Job vacancies at Nation Media Group for UI/UX Designer & Developer in Kenya. Apply today.

software engineering Nairobi, Kenya Jan/26/2023
West Indian Ocean Cable Company (WIOCC)

Senior System Developer

West Indian Ocean Cable Company (WIOCC) careers, West Indian Ocean Cable Company (WIOCC) salaries. 2023 Job vacancies at West Indian Ocean Cable Company (WIOCC) for Senior System Developer in Kenya. Apply today.

software engineering Nairobi, Kenya Jan/24/2023