1 Application Security Engineer - Vulnerability Management Job in Campbell, CA

Centric Software
Campbell, CA | Full Time
$129k-161k (estimate)
4 Months Ago

Sorry! This job is no longer available. Please explore similar jobs listed on the left.

Centric Software is Hiring a Remote Application Security Engineer - Vulnerability Management

Title: Application Security Engineer - Vulnerability Management

Department: R&D

Location: North America, Europe 

Position Type: Full-time 

Company: 

Centric Software is the innovative leader in delivering PLM solutions developed exclusively for retail, fashion, footwear, food, cosmetics, luxury, and consumer goods. We are searching for a skilled Identity Management engineer to become an integral part of our security-focused development team. We are seeking an individual with enthusiasm for learning, teamwork, and a commitment to deliver business value. 

Job Summary: 

As a seasoned Application Security Engineer with a deep focus on Vulnerability Management, you will play a pivotal role in fortifying our software applications against sophisticated threats. You will lead the effort in identifying, analyzing, and remediating security vulnerabilities, employing advanced security tools and methodologies. Your expertise will be crucial in integrating robust security measures into our continuous integration and deployment (CI/CD) pipelines. 

Key Responsibilities: 

  • Advanced Vulnerability Identification: Conduct in-depth static and dynamic analysis of application code. Utilize SAST, DAST, IAST, and manual penetration testing techniques to uncover and classify vulnerabilities. 

  • Automated Security Testing: Integrate cutting-edge automated security scanning tools into the CI/CD pipeline, ensuring continuous identification and mitigation of security vulnerabilities in the development cycle. 

  • Risk Analysis and Threat Modeling: Perform detailed risk assessments and threat modelling for applications, prioritizing vulnerabilities based on their potential impact and exploitability. 

  • Secure Code Review and Remediation Guidance: Lead secure code reviews and provide hands-on guidance to developers on effective remediation strategies for complex vulnerabilities. 

  • Incident Response and Forensics: Participate in incident response efforts for application security incidents, including forensic analysis and detailed post-incident reporting. 

  • Custom Tool Development: Develop and maintain custom tools for automated discovery of security flaws, as well as scripts for automating security testing processes. 

  • Research and Development: Stay ahead of the curve in application security trends and threats. Research new attack vectors and update vulnerability management strategies accordingly. 

  • Developer Training and Security Advocacy: Mentor and train software developers in advanced secure coding techniques. Promote a security-first mindset across development teams. 

Required Qualifications: 

  • Bachelor’s or Master’s degree in Computer Science, Cybersecurity, or a related field. 

  • 5 years of experience in application security, with a strong focus on vulnerability management. 

  • Strong proficiency in Java, JavaScript, and scripting languages (e.g. Bash, PowerShell) with an understanding of complex application frameworks. 

  • Familiarity with NodeJS and Rust. 

  • Deep knowledge of OWASP Top 10, CWE/SANS Top 25, and other application security risks. 

  • Expertise in using a variety of security tools (e.g., Burp Suite, OWASP ZAP, Fortify, Checkmarx) and vulnerability scanners. 

  • Familiarity with container security, cloud security best practices, and microservices architectures. 

Preferred Qualifications: 

  • Professional certifications such as CISSP, CEH, OSCP, and GWAPT. 

  • Experience with DevSecOps and integrating security into DevOps practices. 

  • Knowledge of regulatory compliance standards like ISO 27001, SOC 2, GDPR, etc. 

The US base salary range for this full-time position is $120,000 - $150,000 plus benefits. Our salary ranges are determined by role, level and location. The range for each job posting reflects the minimum and maximum target for new hire salaries for the position across all US locations. Within the range, individual pay is determined by work location and additional factors, including job-related skills, experience and relevant education or training. Please note that the compensation details listed reflect base salary and certain positions may be offered additional variable incentives.

Centric Software provides equal employment opportunities to all qualified applicants without regard to race, sex, sexual orientation, gender identity, national origin, color, age, religion, protected veteran or disability status or genetic information.

Job Summary

Job Type: Full Time

Industry: Software & Cloud Computing

Salary: $129k-161k (estimate)

Post Date: 01/18/2024

Expiration Date: 04/30/2024

Website: centricsoftware.com

Headquarters: GARDEN CITY, NY

Size: 200 - 500

Founded: 1998

Type: Private

CEO: FAY CHAPIN

Revenue: $50M - $200M

About Centric Software

Centric Software provides product lifecycle management and digital transformation solutions for apparel, consumer goods and footwear industries.
