Overview
The AppSec Security Engineer evaluates service design and architecture and performs deep-dive security assessments to ensure applications and services meet a high security bar before launch. This role works alongside senior engineers to identify issues, drive remediation, and validate that security requirements are met.
Responsibilities
- Security Reviews: Conduct design reviews for new and existing services, evaluating architecture documents and system designs for security risks.
- Threat Modelling: Identify attack vectors and security weaknesses in application architectures through structured threat modelling exercises.
- Penetration Testing: Coordinate penetration testing to validate security controls and identify exploitable vulnerabilities.
- Finding Management: Document, track, and communicate security findings to service teams with clear remediation guidance, and verify fixes are implemented.
- Security Guidance: Advise development teams on secure coding practices, authentication/authorization mechanisms, cryptographic implementations, and data protection strategies.
- Escalation Support: Identify and escalate high-severity issues through appropriate channels, ensuring timely remediation aligned with launch timelines.
- Documentation: Maintain clear documentation of review outcomes, security decisions, and risk assessments.
- Tool Improvements: Leverage automated tools to support reviews and improve efficiency.
#J-18808-Ljbffr…
