Application Security Engineer

At Stockbit & Bibit, we prioritize the security of our applications and the data of our users. As an Application Security Engineer, you will play a vital role in ensuring the security and integrity of our software and systems. You will work closely with our development teams to identify and remediate security vulnerabilities, conduct penetration testing, and implement best practices to safeguard our applications and infrastructure.

Responsibilities

1. Secure Code Review: Conduct thorough code reviews to identify and address security flaws, including vulnerabilities like SQL injection, cross-site scripting (XSS), and insecure direct object references (IDOR).
2. Security Testing: Design and execute various security tests, such as penetration testing, vulnerability scanning, and static/dynamic analysis, to proactively uncover weaknesses in the application.
3. Threat Modeling: Collaborate with development teams to identify potential threats and vulnerabilities, assess their impact, and develop effective mitigation strategies.
4. Bug Bounty: Triage and validate bug reports submitted by external researchers.
5. Security Architecture: Provide guidance on secure architecture and design patterns to ensure that security is built into the application from the ground up.
6. Incident Response: Assist in the investigation and remediation of security incidents, working to minimize the impact and prevent future occurrences.
7. Security Awareness: Educate development teams about security best practices and promote a culture of security within the organization.
8. Stay Informed: Keep up-to-date with the latest security trends, vulnerabilities, and attack techniques to ensure the application remains protected against evolving threats.

Minimum Requirements

1. Bachelor's degree in Computer Science, Engineering, or a related field.
2. At least 3 years of experience in application security, secure coding practices, and vulnerability management.
3. Strong understanding of web application vulnerabilities, OWASP Top 10, and modern attack vectors.
4. Hands-on experience with web application security testing tools such as Burp Suite, OWASP ZAP, etc.
5. Experience with secure coding practices and common programming languages (e.g., Java, Python, NodeJS).
6. Knowledge of cloud security principles and best practices.
7. Certifications such as CISSP, CEH, or OSCP are a plus.
8. Strong problem-solving and analytical skills.
9. Excellent communication and collaboration abilities to work effectively with cross-functional teams.