Senior Application Security Engineer

Information Security - Info Sec Woodland Hills, California


Description

It's fun to work in a company where people truly believe in what they're doing. At Blackline, we're committed to bringing passion and customer focus to the business of enterprise applications. Blackline is looking for creative, polished Senior Application Security Engineer to join our team.

At BlackLine you'll be inspired, challenged and humbled working with insanely smart and passionate people. The ideal candidate will have strong mentorship skills, while being excited to find solutions and a willingness to hold themselves accountable for the best results in all areas. 

If you are self-motivated, passionate about hunting down results and enjoy researching best possible outcomes utilizing best industry practices, this is the place for you.

**This will be an onsite fulltime position in our Woodland Hills, CA office. **

DUTIES & ESSENTIAL JOB FUNCTIONS

  • Influence action in your peers, leading horizontally as well as vertically
  • Identify risks and areas of exposure in applications developed and/or used by BlackLine.
  • Perform security reviews of source code, stored procedures, and server/service configurations.
  • Define and document application security requirements for BlackLine applications.
  • Oversee development of security components throughout all stages of the Software Development Life Cycle.
  • Perform manual and automated security testing of BlackLine applications.
  • Monitor application logs and audit trails.
  • Monitor industry trends and threat landscape and recommend necessary controls or countermeasures.
  • Recommend and lead projects to improve the application security risk management posture at BlackLine at large.
  • Educate developers on secure coding techniques and security best practices.
  • Participate in development of security policies, standards, and processes.
  • Participate in incident handling and perform application-related forensics activities.
  • Perform other duties as assigned

JOB QUALIFICATIONS

  • 5+ years of hands-on application security experience, strong emphasis on prior development experience.
  • Intermediate proficiency with C/C++ or Java. Experience with lower-level languages (Assembly), debug and reverse-engineering tools (IDA, etc.) is a plus.
  •  Advanced knowledge of common application vulnerabilities, (e.g.: XSS, CSRF, SQL injection, cookie/header/encoding manipulation, input/output validation, session replay).
  • Hands-on development experience and thorough understanding of object-oriented programming, preferably Java, C#, ASP.NET
  • Advanced knowledge of web application technologies, MVC, Ajax, XML, JSON, SOA, SSL, web-related protocols and services.
  • Intermediate knowledge of MS SQL. Basic knowledge of other commonly used DBMS.
  • Strong experience with devops in public cloud and “big data” storage, databases, and APIs such as BigQuery, vSQL, etc.
  • Ability to identify security vulnerabilities from static, dynamic and interactive testing tools and techniques.
  • Knowledge of encryption technologies, secure communications, and secure credentials management.
  • Advanced experience with at least one scripting language (e.g.: Perl, Python)
  • Intimate familiarity with web application testing tools (eg: Burp, Parox, Fiddler, mitmproxy, Havij, netcat). Ability to write proof-of-concept exploits is a big plus.
  • Ability to define application security requirements and build secure web application solutions.
  • Advanced written and verbal communication skills including ability to present technical subjects to non-technical audiences.
  • Strong work ethic, attention to detail, and organizational skills.
  • Ability to multi-task and manage priorities in a fast-paced environment.
  • Ability to collaborate in a team and work independently.
  • Conceptual understanding of software development principles and SDLC models, Agile experience is a plus.
  • Intermediate proficiency with the Microsoft Office suite.
  • Windows and Linux operating systems knowledge at advanced user level.