Application Security Engineer - Remote


Boulder, CO, Jacksonville - Nations Way, San Mateo, CA

Job Summary:

Fanatics is looking for an Application Security Engineer to join our Information Security team. This position will partner with our cross-functional engineering teams to continually improve product security by incorporating security in all phases of the software development life cycle, and will develop and identify tools to support automation of the development and delivery (CI/CD) pipeline.

Information Security team members are given a great deal of autonomy in the pursuit of keeping Fanatics secure. A successful candidate will demonstrate strong communication skills and is expected to be comfortable and effective working independently and as part of a larger, highly distributed team.

We're looking specifically for folks who place an emphasis on usable security. Fanatics is a fast-growing company and our security program needs to be able to keep pace with that growth while not disrupting innovation.


  • Establish security best processes and practices for our mobile, on-premise and cloud-based platforms.
  • Provide expert knowledge and guidance to the product teams about security vulnerabilities and remediation controls
  • Implement secure Software Security Development Lifecycle processes and software maturity model
  • Perform architectural risk analysis and threat modeling, secure design and source code review
  • Conduct security assessments, security testing and validation of vulnerability scan results
  • Incorporate security tools/tasks to automate product development and deployment
  • Establish supply chain security process and ensure 3rd party software meets the standards
  • Mentor and train development teams on secure coding standards and techniques


  • In-depth knowledge of web and mobile security vulnerabilities, attack vectors and mitigation techniques
  • Demonstrated security experience in Cloud (AWS) and Mobile (iOS and Android) platforms
  • Experience with multiple programming languages (Java, JavaScript, Go, Python, Ruby, Objective-C, C#, PHP) with hands-on, expert-level coding experience with at least one scripting and one object-oriented programming language
  • Fluent with security testing with SAST, DAST, Fuzz and penetration testing tools
  • Good understanding of application security standards such as OWASP ASVS/Top 10 and CWE 25
  • Knowledge of DevSecOps to maintain security in CI/CD pipeline
  • Solid experience with security tools like CheckMarx, BurpSuite, Nessus, QualysGuard
  • Familiar with tools like Git, Jenkins, CircleCI, Maven, Ant, Gradle, Nexus, SonarQube, Artifactory, Chef, Splunk
  • Experience with microservices, container deployment and service orchestration
  • Strong knowledge of cryptography, API security, secret management, infrastructure hardening, network security, identity and access management
  • Ability to clearly and effectively communicate concerns and issues to the management and engineers


  • A minimum of 5 years of software engineering with at least 3 years of application security experience
  • CS degree in related field or an equivalent 4 years of work experience related to application or product security
  • Demonstrated experience in developing, documenting and maintaining security applications/tools and procedures/standards
