Associate Application Security Engineer 2

Overview

Job Summary 

The role of Application (software) Security Engineer is an entry-level, hands-on, engineering focused position, responsible for helping to foster a Secure SDLC and ‘secure by design’ approach and practice throughout all our software engineering teams. The role holder must have a good combination of problem-solving and communication skills. She or he will support the Application Security, InfoSec, and Software engineering teams. The main responsibilities carried by this position vary between setting up code security scans, penetration test support, vulnerabilities triage and validation, and knowledge documentation and process review. 

Responsibilities

Essential Functions/Responsibilities  

Configure and fine tune Application Security tests and vulnerability scans. 

Partner with Development teams to integrate security testing into their CI/CD pipelines and development processes. 

Partner with Senior Application Security engineers on Penetration tests set up and validation 

Ensure the processes and procedures of the area are documented and updated 

Do research and regularly consult with colleagues 

Deliver secure software development training (e.g. OWASP Top10) 

Co-work with Security Analysts and other colleagues on software vulnerabilities and security issues: determine scope, severity and potential impact, recommend next steps, follow through with risk treatment and mitigation. 

Escalate issues, appropriately, to various teams and levels of authority inside the organization. 

Qualifications

Minimum Qualifications 

Bachelor’s degree in a relevant business or technical discipline is required. 

3+ years of relevant work experience 

Demonstrated knowledge of application security concepts, best practices and methods 

Experience with various application security tools including SAST, SCA, DAST 

Experience with Web Application security testing like Web Pentesting, Fuzzing, Automated test 

Even Better If You Have 

Experience securing cloud infrastructure and cloud applications. 

Working knowledge of web, mobile, API, Microservices, network and security architectures and design patterns. 

Demonstrated ability to code in at least one programming language (python, javascript, typescript, go) 

Working knowledge of AWS native security tools. 

Knowledge of current and emerging security technologies, threats and techniques for exploiting security vulnerabilities. 

Experience with methodologies and tools, for threat analysis of systems, such as threat modelling and software fuzzing. 

Experience with developer tools and environments, project management and bug tracking systems. 

Experience in implementing and integrating security tools into CI/CD. 

EEO Commitment

EEO Commitment

PowerSchool is committed to a diverse and inclusive workplace. PowerSchool is an equal opportunity employer and does not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status. Our inclusive culture empowers PowerSchoolers to deliver the best results for our customers. We not only celebrate the diversity of our workforce, we celebrate the diverse ways we work. If you have a disability and need an accommodation regarding our recruiting process, please let us know by emailing accommodations@powerschool.com.

#LI-NB1