Application Security Engineer

Security United States Remote, Michigan Remote, Georgia Remote, Massachusetts Remote, North Carolina Remote, New York Remote, Ohio Remote, Maryland Remote, Minnesota Remote, South Carolina Remote, Virginia

                                                                                                                                                                                                            


 
*Currently we are only considering candidates in the following locations:
  • Georgia
  • Michigan
  • Minnesota
  • Maryland
  • Massachusetts
  • Ohio
  • New York
  • North Carolina
  • South Carolina
  • Virginia 
 
Who We Are:
CrashPlan® provides peace of mind through easy-to-use, automatic endpoint data backup. We help organizations recover from any worst-case scenario, whether it is a disaster, simple human error, a stolen laptop, ransomware or an as-of-yet undiscovered calamity. We continue to innovate as the landscape of work evolves, which makes CrashPlan foundational to organizations’ data security. What starts as endpoint backup and recovery becomes a solution for ransomware recovery, breaches, migrations, and legal holds.
 
What You Will Be Doing:
We are recruiting for an Application Security Engineer to join our team. In this role, you will be responsible for validating that application services are designed and implemented with high security standards. You will address legacy and emerging security issues and implement repeatable secure development practices to reduce the introduction of program design flaws that may lead to exploitation. As issues are uncovered, you will communicate and work with the appropriate technical and leadership teams to ensure a focus on risk mitigation – allowing for business continuity, but without negligent risk. You will also be responsible for assessing the security of applications for business-to-business initiatives, third-party relationships, outsourced solutions and vendors, recommending programmatic controls, and monitoring and managing secure development practices to address modern-day issues.
Key Responsibilities:
  • Document security findings with reasonable methods to secure.
  • Focus on automation to aid in efficiencies with both testing and remediation of findings.
  • Work with developers to provide repetitive validation testing prior to production while allowing for a continuous cycle of development followed by application security assessments.
  • Regularly monitor the security community for public-facing security issues, as well as to learn new tactics that can be used in testing.
  • Work closely with the Product Development organization to ensure all new product and feature development efforts meet or exceed security requirements and industry best practices
  • Fully define and follow a security review process to ensure an automated and repeatable process is managed. This can be through the use of dynamic and static code analysis resources.
  • Use security standards and implementation configurations, as well as common security frameworks
  • Prepare for and manage bug bounty programs.
  • Document delivery and implementation advances that meet defined service-level agreements
What You Bring:
Required Qualifications: 
  • Bachelor's degree in computer science, information assurance, MIS or related field, or equivalent experience
  • At least 3+ years’ experience in cybersecurity, including compliance and risk management with a system and/or application engineering background.
  • Highly technical and analytical experience, with a proven deep background in application programming.
  • Experience in threat modeling applications
  • Experience with security of intra-company and third-party APIs

Preferred Qualifications:
  • Experience with agile workflows, including Scrum and Kanban.
  • Vulnerability and penetration-testing skills.
  • Proficient in securing *nix operating systems, endpoint applications, networking protocols and devices.         
  • Understanding of OWASP, CVSS, the MITRE ATT&CK framework and the software development lifecycle (SDLC).
  • Capable of scripting in Python, Bash, Perl or PowerShell.
  • Knowledge of National Institute of Standards (NIST) or International Standards Organization (ISO) requirements.
  • Some experience with operations and security across Amazon Web Services (AWS), Microsoft Azure or Google Cloud Platform (GCP).    
  • One or more (or working toward one or more) of the following: CCSP, CISSP, GIAC, AWS Certified Cloud Practitioner, or additional AWS advanced certifications


 
 
The base salary range for this position is $115,000 - $135,000. This position is eligible for an annual bonus based on individual and company performance in addition to a full range of benefits. Final compensation will be dependent on various factors relevant to the position and the candidate such as geographical location, candidate qualifications, certifications, relevant job-related work experience, education, skillset and other relevant business and organizational factors, consistent with applicable law. This information is provided per the relevant state and local pay transparency laws for the location in which this position will be performed. 


CrashPlan values workplace diversity and ensuring an environment of mutual respect. Employment opportunities are available to all applicants without regard to race, color, creed, religion, sex, national origin, age, marital status, veteran status, sexual orientation, gender identity or expression, disability, genetic information, or any other category protected by law. We believe that diversity and inclusion are critical to our success, and we seek to recruit, develop, and retain the most talented people from a diverse candidate pool. We are proud to be an equal opportunity employer.