Application Security Engineer at Whispir

Security, Melbourne, Victoria, Australia melbourne engineering
Description
Posted 12 days ago

The Application Security Engineer provides expertise to inform and validate the secure design and development of IT applications with specific responsibilities within the software development lifecycle, education and awareness of staff and secure development practices, engaging with business stakeholders and security (penetration) testing and otherwise validating security controls of applications and services.

The role predominately works with:

  • Developers
  • Testers (QA)
  • IT Architects
  • Product teams

Key responsibilities:

  • Ensure that application security is an embedded and critical part of the software delivery lifecycle regardless of delivery methodology and tool sets used (e.g. static code analysis)
  • Train and educate developers and teams in secure coding techniques including use of supporting toolsets and enable them to self serve
  • Perform application vulnerability assessments including regular scanning and penetration testing activities
  • Perform secure code review across a variety of programming languages
  • Help tune Web Application Firewalls (WAF) and modify WAF policy to virtually patch applications where required
  • Develop functional security testing scripts and procedures and identify opportunities to automate security testing and processes
  • Identify inherent vulnerabilities and information security risks within systems and applications
  • Present findings to technical staff and business stakeholders
  • Clearly document and communicate security findings and risks, risk description, risk level, and recommended solutions to stakeholders which may include external parties
  • Strong ethics and understanding of ethics in business and information security
  • Help manage security incidents if required