Application Security Engineer

Bengaluru, India

Arctic Wolf

Arctic Wolf delivers dynamic, 24x7 AI-driven cybersecurity protection tailored to the needs of your organization. Ready to boost your cyber resilience?


Position Overview and Objective
The Application Security Engineer role is responsible for the implementation of
measures to ensure the security of Arctic Wolf software systems, applications, code,
and related components. This role will work within our Information Security Engineering
team to deploy and operationalize technical security capabilities with open collaboration
with the Research and Development Team.

Primary Responsibilities and Duties
Understanding of secure coding and secure design principles.
Work with teams to help them adopt secure coding.
Train developers, architects, code reviewers, and others on secure coding practices.
Serve as the subject matter expert for Application Security, providing guidance to Engineering and Product teams. You will be the bridge between AppSec and Engineering teams.
Develop standards and training for security testing tools focused on the application layer (e.g., SAST, DAST, IAST, SCA) and threat modeling.
A solid understanding of Data Flow Diagrams (DFDs), where you will provide guidance to teams on calling out the right data flows in a DFD.
Ability to build threat models from DFDs and map them to threats via STRIDE or any threat model framework.
Ability to read a CVE score, understand the vulnerability, and guide teams on vulnerability severity assessments.
Work with development teams throughout the entire SDLC to ensure code is secure by design, secure by default, secure in deployment and communication.
Help software development teams to understand and remediate security findings within prescribed timelines.
Research and review any reported or suspected application vulnerabilities from third-party libraries and source code.
Create technical approaches to implementing application security control technologies.
Perform risk assessments of identified vulnerabilities and mitigations.
Contribute to a world-class security program that supports Arctic Wolf’s tremendous growth.
Mentors and coaches team members to further develop competencies.
The ability to effectively partner and communicate with Engineering and Product teams.

Key Skills
Communication, Threat modeling, Code Review, Penetration Testing, Application Testing, Research, Secure Coding, Cloud Technologies, Containerization Technologies

Key Competencies
Able to write clearly and succinctly in a variety of communication settings and styles; can get messages across that have the desired effect.
Uses rigorous logic and methods to solve difficult problems with effective solutions; probes all fruitful sources for answers; can see hidden problems; is excellent at honest analysis; looks beyond the obvious and doesn't stop at the first answers.
Comes up with a lot of new and unique ideas; easily makes connections among previously unrelated notions; tends to be seen as original and value-added in brainstorming settings.

Minimum Qualifications
A bachelor’s degree in Computer Science, Information Systems, Engineering, Cybersecurity or a related technical field; or equivalent experience.
3-5 years of experience in software development within a large organization, preferably in a SaaS environment. OR
A thorough understanding of modern software development practices.
Thorough understanding of OWASP Top 10 vulnerabilities / SANS Top 25 and corresponding best practices for mitigation.
Experience in application security technologies such as SAST, DAST, IAST, SCA, etc.
Solid SAST, DAST and SCA report reading skills which should translate to mitigations of detections. The candidate must be able to analyze,

Preferred Qualifications
3+ years of experience in security or infrastructure engineering, including assessing and escalating to vendors for troubleshooting purposes.
Familiarity with SAST and DAST (from running scans to reading reports). Integration of the tools into a CI/CD pipeline calls for some bonus points.
Familiarity with containerization technologies such as Docker and/or Kubernetes is a huge plus.
Significant prior experience securing large-scale web applications, including performing security code reviews, vulnerability assessments, and manual testing for logic flaws.
One or more industry certifications (GPEN, GWAPT, CEH, OSCP, etc.) is a plus.

Environment and Physical Demands
Work is primarily sedentary in nature and can be executed in sitting or standing positions in an office environment.
Requires ability to utilize technology related to using a keyboard, verbal communication, and work with device screens which require visual acuity.
If located in a company office, often requires the mobility to physically navigate the space.
In the event of business travel, mobility sufficient to utilize public and private transport and navigate to essential locations.
May include moving or lifting of 25 pounds or less (e.g., office chair, reams of paper).

Security Requirements
Conducts duties and responsibilities in accordance with AWN’s Information Security policies, standards, processes, and controls to protect the confidentiality, integrity, and availability of AWN business information.
Each successful candidate will be required to pass a criminal background check and an employment verification as a condition of employment.

Tags: Application security CEH CI/CD Cloud Computer Science DAST Docker GPEN GWAPT IAST Kubernetes OSCP OWASP Pentesting Risk assessment SaaS SANS SAST SDLC Vulnerabilities

Region: Asia/Pacific
Country: India
