Cyber security Engineer
Company: Sarian, Inc.
Location: Bellevue, WA 98006
Description:
Cybersecurity Engineer
Bellevue, WA
Job Description:
As a Cybersecurity Engineer, you will be a member of the team responsible for discovering and testing security flaws in applications. You will verify flaws through dynamic tests in both test and production environments, and work with development teams to remediate those flaws.
Responsibilities:
- Perform dynamic security testing on web applications, APIs, and mobile applications to discover security flaws according to the OWASP Top 10
- Triage flaws according to risk
- Communicate effective remediation steps to developers
- Assist with developer education in secure coding concepts
- Design product instrumentation and test automation
- Provide deep guidance about the nuances of programming and scripting languages: Java, Python, .NET, Go, JavaScript and TypeScript
- Promote industry leading security standards in application security design and implementation
Qualifications:
- Incredible security testing skills: ability to use both automated discovery tools and manual testing techniques such as traffic manipulation with personal proxies, input field fuzzing and injection, application logic manipulation, and session and token manipulation
- Working understanding of common application environments and deployment stacks
- Considerable knowledge of networking as it affects communication with applications
- Deep understanding of common web protocols (TCP/IP, HTTP, SSL/TLS), services (REST, SOAP), supporting data formats (JSON and XML), and mobile OS architectures
- Experience in software development using one or more of the following languages: Java, Python, .NET, Go, JavaScript and TypeScript variants
- Thorough understanding of application security concepts such as: authentication and authorization mechanisms, data validity, data integrity, data confidentiality, data availability, logging and monitoring at different levels of the stack, and user non-repudiation
- Thorough understanding of application architectures such as: n-tier, client and server, API, microservice
- Familiarity with common Web, API, and mobile testing tools: Burp Suite, WebInspect Enterprise, Postman, MobSF, Drozer, etc.
- Experience with agile software development practices
- Excellent verbal, written, and interpersonal communications skills
- Ability to work both as a team member and independently
- Having obtained one of the following certificates is a plus:
  - Certified Information Systems Security Professional (CISSP)
  - OSCP
  - GIAC
Minimum Qualifications:
- Bachelor's Degree in Computer Science or related field
- Relevant Experience (6+ years security testing)