Applications Security Engineer L1
Guatemala
Job Summary
We are seeking a motivated and detail-oriented Application Security Engineer Level 1 to join our fintech company's security team. As an AppSec Engineer L1, you will help identify, analyze, and mitigate security vulnerabilities in our applications, working closely with product development teams to secure web, API, and mobile systems. You will engage in hands-on activities such as security reviews, basic scripting, automation, and vulnerability validation. This individual contributor role is perfect for engineers who are starting their security career and are eager to deepen their technical and security expertise, while contributing to the overall resilience of our applications.
Key Responsibilities
1. Application Security Assessments
- Assist in identifying and analyzing vulnerabilities, with a primary focus on OWASP Web, API, and Mobile Top 10 risks.
- Perform taint analysis and manual code reviews to find insecure sinks, banned functions, and security flaws.
- Investigate vulnerability classes like IDOR, XSS, SQL Injection, Mass Assignment, JWT-related issues, SSRF, and Serialization attacks.
2. Scripting and Automation
- Write Python scripts for tasks like log parsing, basic service interaction, or automating API testing.
- Use libraries such as requests or scapy to simulate security scenarios and support security assessments.
- Contribute to extending and using internal AppSec automation frameworks under guidance.
3. Code Review and Secure Development
- Review code for common security issues, analyze input flows across complex function graphs, and understand data sanitization points.
- Document vulnerabilities clearly with supporting evidence and propose secure coding practices.
4. Security Tooling and Manual Testing
- Utilize tools like Burp Suite, Caido, and ZAP to manually test web and API endpoints, replay requests, and fuzz parameters.
- Perform manual testing for Out-of-Band interactions using Burp Collaborator or similar tools.
- Familiarity with Android app security testing tools like MobSF, Jadx, and Apktool.
5. Cross-Functional Collaboration
- Work closely with engineering teams to communicate findings, clarify risk impact, and collaborate on fixes.
- Participate in security-focused standups, retrospectives, and design reviews.
- Support security champions across product teams with technical insights.
6. Continuous Learning and Improvement
- Stay current on emerging application security vulnerabilities, security tooling, and attack techniques.
- Proactively learn about new technologies introduced into the tech stack and assess their security implications.
Requirements:
Educational Background: Bachelor's degree in Computer Science, Engineering, Information Security, or equivalent practical experience.
Experience: 0–2 years of experience in application security, software engineering, or a related technical role.
Technical Skills:
- Understanding of OWASP Top 10 for Web, API, and Mobile; able to reason about vulnerabilities like IDOR, XSS, SQLi, SSRF, and JWT issues.
- Basic Python scripting for tasks like log parsing or simple API interaction.
- Familiarity with secure coding principles and performing code reviews focused on identifying insecure patterns.
- Use of HTTP proxies (Burp Suite, Caido, ZAP) for manual request manipulation and fuzzing.
- Awareness of Android security testing tools (MobSF, Apktool, Jadx).
- Familiarity with instrumentation frameworks like Frida for tasks such as SSL pinning bypass or API hooking (preferred but not required).
Soft Skills:
- Analytical thinker with strong attention to detail.
- Effective communicator with the ability to explain technical issues clearly.
- Eager to learn and grow in the application security field.
- Strong work ethic and ownership mentality.
- Comfortable working in a fast-paced environment and collaborating across teams.
Preferred Qualifications:
- Exposure to secure development lifecycle (SDL) practices.
- Familiarity with Frida or dynamic instrumentation techniques.
- Basic understanding of authentication, authorization models, and crypto vulnerabilities.
- Practical experience with penetration testing for web or mobile apps.
- Hands-on experience using version control (e.g., Git).
Tags: Android APIs Application security Automation Burp Suite Computer Science Crypto FinTech OWASP Pentesting Python Scripting Security assessment SQL SQL injection SSRF Vulnerabilities XSS
Perks/benefits: Career development