Application Security Engineer

Sequoia · Tempe

Who We Are:

Sequoia is the strategic partner helping investor-backed companies of all sizes achieve their business goals through smarter people spend. For 24 years, we’ve guided the most innovative employers to navigate growth and get the most out of their global people investment. With our expert advisory team and integrated platform, we help clients drive business impact through their total comp and benefits, improving executive decision making, controlling costs, protecting the business, and elevating the employee experience. Visit Sequoia.com or follow us on LinkedIn to learn more.

As an Application Security Engineer, you will provide application security expertise throughout the Software Development Life Cycle (SDLC) and be responsible for managing and driving forward the Application Security Analytics practices. A key part of your role will also involve validating and testing web applications to ensure they meet the requirements of the SDLC Policy and industry best practices. In addition, the role involves undertaking threat modelling, conducting periodic penetration testing using best-of-breed tools, and maintaining documentation, and it calls for a good understanding of the OWASP Top 10 vulnerabilities.

You'll perform various day-to-day activities related to ensuring the security of Sequoia's application environment. These tasks may include conducting application security reviews to identify vulnerabilities in software applications that could be exploited by attackers, performing penetration testing to assess the effectiveness of existing security controls and identify potential weaknesses, providing training and outreach to internal development teams to improve their understanding of security best practices, developing security guidance documentation to help others understand how to implement secure systems and applications, developing security tools to automate or streamline security processes, delivering security metrics to stakeholders and working on improving the overall security posture of your organization.

What You Get to Do:

  • Application security reviews

  • Mobile security reviews

  • Secure architecture design

  • Threat modeling

  • Projects and research work as needed

  • Security training and outreach to internal development teams

  • Security guidance documentation

  • Security tool development

  • Security metrics delivery and improvements

  • Assistance with recruiting activities and administrative work

What You Bring:

  •  5+ years' experience with emphasis on application development, application security or related fields.

  •  3+ years of programming experience in Python, Ruby, Go, Swift, Java, .Net, C++ or a similar object-oriented language

  •  2+ years of any combination of the following: threat modeling experience, secure coding, identity management and authentication, software development, cryptography, system administration and network security experience

  •  3+ years' experience in application security technologies with knowledge of application security threats. Experience with threat modeling, attack surface analysis, penetration testing, software vulnerability assessments, and understanding of software security threat vectors.

  •  Knowledge of Component Analysis using tools such as OWASP Dependency-Check, Bytesafe Dependency Checker, Patton, PHP Security Checker, etc.

  •  Experience with static and dynamic application security testing.

  •  Experience with AWS products and services

  •  Bachelor's degree in computer science or equivalent

 Preferences:

  •  Experience as an application security engineer using a suite of tools for the following:

      •  Recon and Information Gathering (e.g. Nmap, Netcat, Spiders, OWASP Zed Attack Proxy).

      •  Mapping and Discovery (e.g. Burp Suite with plug-ins)

      •  Exploitation of top OWASP vulnerabilities such as SQL Injection, Cross-site Scripting (XSS), Cross-Site Request Forgery (CSRF) attacks, etc. Experience with tools such as Metasploit, AppScan or WebInspect.

  •  Knowledge of Threat modeling using PASTA and STRIDE methodology.

  •  Knowledge of OWASP Best practices

  •  Knowledge of OWASP Testing Guide 4.0

  •  Knowledge of OWASP Code Review 2.0

  •  Knowledge of Software Component Verification

 

Sequoia’s Culture – Our most important asset 

  • Integrity 

  • Passion for service 

  • Innovative 

  • Growth oriented 

  • Caring for others 

  • Promise-centric 

  • Focused on relationship building 

Sequoia provides equal opportunity to all applicants without regard to race, color, creed, religion, citizenship, national origin, age, sex, sexual orientation, gender identity, pregnancy, marital status, military or veteran status, disability, or any other basis prohibited by applicable law.

Compensation & Benefits
Sequoia provides competitive compensation including base salary, performance-based bonus programs, and a comprehensive benefits package.

Sequoia’s Candidate Privacy Policy 

https://www.sequoia.com/legal/candidate-privacy-policy/ 

Security pay context

Based on 1,613 disclosed Security salaries on RoleSuite, the role pays a median of $142K/year, with most offers between $114K and $184K (10th–90th percentile: $92K–$219K).
