Job Description

Senior Application Security Engineer Experience: 4+ years experience in application development, 3+ years experience identifying and remediating application security flaws. Good experience with at least one programming language is a must. Scope: This role will be a part of an energetic and dynamic team of Product / Application security professionals, working closely with development, devops, and technology teams servicing a global business & customer base. Provide technical expertise in application security testing (SAST, DAST,Manual), SSDLC execution and flaw remediation. The Sr. Application Security Engineer will report to the Manager, Application Security and contribute to Litera\xe2\x80\x99s application and cloud security architecture evolution."
Key Responsibilities

• Perform Application security scanning (manual & automated) and identify mitigations by working closely with Litera\xe2\x80\x99s development teams.
• Perform application security code reviews and drive the identified code flaws to closure.
• Develop processes utilizing automation to identify, track and remediate security flaws in our code and cloud estate.
• Integrate and enforce secure development practices within Litera\xe2\x80\x99s SDLC.
• Continuously analyze the security profile of our cloud applications and infrastructure while implementing best practice security configurations & design with the DevOps team.
• Lead penetration testing engagements and remediation efforts for our cloud estate.
• Perform any other application security / product security architecture related activities as needed.
• Participate in development training in security, by helping find resources and doing presentations around exploits (in the wild and internal flaws that have already been remediated)

Key Traits, Knowledge, Skills, Abilities & Experience: Technical skills:

• Experience with source control and build / deployment pipelines (Jenkins, Azure DevOps, GitHub or similar tools).
• 3+ years of experience working on scanning tools (Veracode, Burp suite, Checkmarx, Acunetix, IBM appscan or similar tools)
• Experience in integrating security tools with CI/CD pipelines.
• Excellent understanding of OWASP risks, vulnerabilities, and mitigation mechanisms.
• Experience disseminating security knowledge and guiding others on security fixes.
• Knowledge of SSDLC process.
• Security remediation experience and adoption of security controls & best practices in a public cloud provider (Azure/AWS Cloud preferred) is a plus.
• Experience working with Infrastructure as Code and DevOps culture and principles is a bonus.

Soft skills:

• Curiosity, strong initiative, drive and self-direction.
• Comfort with change and a fast-paced environment - Litera is always acquiring companies and being able to adapt and deal with different technologies is necessary for this job.
• Good communication skills as this job requires working with all development and product teams across Litera to explain flaws and drive fixes.
• Leadership skills and capacity to share knowledge to help and act as a role model for less experienced peers.
• Demonstrate continuous growth and consistency in the performance of the assigned tasks.