Application Security Engineer
We are seeking an Application Security Engineer who will be responsible for designing, building, assessing and deploying systems to protect against security and privacy threats. This position interfaces with cross-functional teams to ensure security, privacy, and compliance requirements are addressed throughout the development lifecycle. Above all, we are looking for a team player who is smart, resourceful, and driven and who wants to be part of a culture of innovation and creativity as we develop the next generation of technology and products.
Be Yourself. Be Open. Stay Hungry and Humble. Collaborate. Challenge. Decide and just Do. These are the behaviours you’ll need for success at Logitech. In this role you will:
The Application Security Engineer will join a dynamic Security team that has overall security responsibility for securing the Logitech ecosystem. The Application Security Engineer will be primarily responsible for securing software, hardware and mobile applications (iOS and Android) of Logitech products, in the following areas:
1. Static Application Security Testing (SAST): Implement and manage SAST tools to analyze source code and/or compiled versions of code to help find security flaws (e.g. OWASP Top 10).
2. Dynamic Application Security Testing (DAST): Implement and manage DAST tools to scan web applications for security vulnerabilities such as cross-site scripting, SQL injection, command injection, path traversal and insecure server configuration (e.g. using tools such as Rapid7 AppSpider, Rapid7 Nexpose, QualysGuard, IBM AppScan, Burp Suite).
3. Threat Modelling: Strong and direct professional experience in performing threat modelling, including the ability to document and articulate potential risks to non-technical teams.
4. Vulnerability Management: Strong and direct professional experience in managing and coordinating public vulnerability disclosure programs. Ability to communicate potential vulnerabilities to internal teams to allow for effective and timely prioritization of responses.
The Application Security Engineer will be responsible for security procedures and security audit/review processes as they relate to the software development lifecycle of existing and new products and features across multiple domains.
The Application Security Engineer will report directly to the Head of Cybersecurity.
Must have a minimum of 3 years’ experience securing the SDLC in multiple domains, including software, hardware and cloud environments
Must have experience with 1 or more of the following:
SAST: Static Application Security Testing Tools
DAST: Dynamic Application Security Testing Tools
Any experience writing automated testing tools utilizing Python, Ruby, etc. is a plus
Any experience with IAST (interactive application security testing) is a plus
Logitech is the sweet spot for people who are passionate about products, making a mark, and having fun doing it. As a company, we’re small and flexible enough for every person to take initiative and make things happen. But we’re big enough in our portfolio, and reach, for those actions to have a global impact. That’s a pretty sweet spot to be in and we’re always striving to keep it that way.
“All qualified applicants will receive consideration for employment without regard to race, sex, color, religion, sexual orientation, gender identity, national origin, protected veteran status, or on the basis of disability.”