SoHo Dragon represents a Fortune 500 Financial Technology firm with offices in Sunnyvale and Colorado Springs that needs to hire an Application Security Engineer.

• • Sunnyvale or Colorado Springs (100% remote, but near an office if need be)

What you will do as an Application Security Engineer:

• Develop, configure and implement tooling to support DevSecOps processes including SAST, DAST, IAST, and SCA, in partnership with DevOps.
• Establish application security standards and guidelines for developers.
• Establish and audit cloud infrastructure security standards.
• Evaluate application architectures for security related concerns.
• Champion and enable security-related activities in the software engineering process (e.g., threat modeling, secure coding practices).
• Assess infrastructure, web and application environments to help identify, and prioritize risks and vulnerabilities.
• Manage vulnerability backlog, partnering with Product and Engineering to ensure issues are addressed in accordance with SLA.
• Perform and/or facilitate external audit of cloud architecture specific to security.
• Perform red team exercises, including internal pen-tests on web applications and infrastructure, and internal social engineering exercises.

Basic Qualifications for Consideration:

• 5 years of experience in application security ideally from a software or architecture background.
• Strong understanding of SAST, IAST, DAST, and SCA tooling in support of DevSecOps.
• Significant experience with securing cloud architectures preferably in GCP.
• Experience with performing security architecture and design reviews.
• Experience implementing a vulnerability management program.
• Experience with coding/scripting.
• Experience with threat modeling (STRIDE, DREAD, etc.)
• Demonstrable experience building strong working relationships with Product, Engineering, Infosec, and GRC.
• Experience with running or participating in bug bounty programs.