Application Security Engineer

Looking to hire your next Application Security Engineer? Here’s a full job description template to use as a guide.

About Vintti

Vintti is revolutionizing remote staffing by prioritizing time zone alignment. We connect US-based SMBs, startups, and firms with Latin American professionals who work synchronously with US schedules. This approach ensures that businesses can maintain their usual workflows, conduct real-time meetings, and collaborate effectively without the typical challenges of working across disparate time zones.

Description

An Application Security Engineer plays a crucial role in ensuring the safety and security of software applications. They are responsible for identifying and mitigating security vulnerabilities throughout the software development lifecycle. This role involves working closely with development teams to integrate robust security measures into the code, conducting regular security assessments, and staying updated with the latest security threats and technologies. The goal of an Application Security Engineer is to protect against potential breaches and ensure that applications meet stringent security standards, safeguarding both the organization's data and its users.

Requirements

- Bachelor’s degree in Computer Science, Information Security, or related field.
- Proven experience as an Application Security Engineer or in a similar role.
- Strong understanding of common security vulnerabilities (e.g., OWASP Top Ten) and their mitigation techniques.
- Proficiency in security testing tools such as static application security testing (SAST), dynamic application security testing (DAST), and interactive application security testing (IAST).
- Familiarity with secure coding practices and security frameworks like OWASP.
- Experience conducting code reviews and security assessments.
- Knowledge of threat modeling and risk assessment methodologies.
- Hands-on experience with security incident response and root cause analysis.
- Expertise in application security within various development environments (e.g., web, mobile, cloud).
- Ability to collaborate effectively with cross-functional teams including developers, testers, and operations personnel.
- Excellent analytical and problem-solving skills.
- Strong communication and presentation skills to effectively convey security concepts.
- Thorough understanding of security best practices and compliance requirements.
- Familiarity with DevSecOps practices and integrating security into CI/CD pipelines.
- Ability to stay current with the latest security threats, vulnerabilities, and industry trends.
- Relevant certifications such as CISSP, CSSLP, CEH, or equivalent.
- Experience with programming and scripting languages (e.g., Java, Python, JavaScript) is a plus.
- Strong organizational skills and the ability to manage multiple tasks and projects simultaneously.
- High level of integrity and ethical behavior.

Responsibilities

- Conduct detailed security assessments and code reviews of various applications.
- Identify application vulnerabilities and collaboratively work on remediation strategies.
- Integrate security best practices into the software development lifecycle in partnership with development teams.
- Implement and manage security tools, including static and dynamic application security testing.
- Develop, update, and enforce application security standards, guidelines, and best practices.
- Perform in-depth threat modeling and risk assessments on both new and existing applications.
- Respond promptly to security incidents, conduct root cause analysis, and implement corrective actions.
- Continuously monitor and analyze security logs and alerts related to applications.
- Create and deliver targeted security training and awareness programs for engineering teams.
- Participate in architecture and design reviews to ensure security considerations are incorporated.
- Stay informed on the latest security vulnerabilities, threats, and industry trends.
- Generate comprehensive security metrics and reports to communicate issues and progress to stakeholders.
- Facilitate and support penetration testing activities and manage engagements with third-party security vendors.
- Assist in the timely implementation of necessary security patches and updates.
- Advocate for continuous improvement in security posture and promote the adoption of advanced security tools and methodologies.

Ideal Candidate

The ideal candidate for the Application Security Engineer role will possess a Bachelor’s degree in Computer Science, Information Security, or a related field, combined with proven experience in application security. They will exhibit an in-depth understanding of common security vulnerabilities, particularly those outlined in the OWASP Top Ten, and demonstrate proficiency in using security testing tools such as SAST, DAST, and IAST. This individual will have a robust background in conducting detailed code reviews and security assessments, coupled with familiarity with secure coding practices and frameworks like OWASP. They will excel in threat modeling and risk assessments for both new and existing applications and have hands-on experience in responding to security incidents and performing root cause analysis. The ideal candidate will be adept at collaborating with cross-functional teams, including developers, testers, and operations personnel, to integrate security best practices into the software development lifecycle. They will possess excellent analytical, problem-solving, communication, and presentation skills, allowing them to effectively convey complex security concepts. Familiarity with DevSecOps practices and integrating security into CI/CD pipelines is essential. The candidate will maintain a strong commitment to staying current with the latest security threats and industry trends, supported by relevant certifications such as CISSP, CSSLP, or CEH. Highly analytical with meticulous attention to detail, this individual will prioritize tasks effectively and manage multiple projects simultaneously. With strong ethical standards, integrity, and the ability to work both independently and as part of a team, the candidate will display resilience, innovation, and a proactive approach to problem-solving, continuously striving for professional development and security excellence.

On a typical day, you will...

- Conduct security assessments and code reviews of applications.
- Identify, report, and help remediate vulnerabilities in applications.
- Collaborate with development teams to integrate security into the software development lifecycle.
- Implement and manage security tools such as static code analysis and dynamic application security testing.
- Develop and maintain security standards, guidelines, and best practices for applications.
- Perform threat modeling and risk assessments for new and existing applications.
- Respond to security incidents and perform root cause analysis.
- Monitor and analyze security logs and alerts from applications.
- Develop and deliver security training and awareness programs for engineering teams.
- Participate in architecture and design reviews to ensure security best practices are followed.
- Stay updated on the latest security threats, vulnerabilities, and technology trends.
- Generate security metrics and reports to communicate findings to stakeholders.
- Support penetration testing and manage engagements with third-party vendors.
- Assist in the implementation of security patches and updates.
- Advocate for security improvements and the adoption of security tools and methodologies.

What we are looking for

- Highly analytical mindset with strong problem-solving skills
- Strong attention to detail and meticulousness
- Excellent communication and collaboration skills
- Proactive and able to work independently
- Strong ethical standards and integrity
- Ability to prioritize tasks effectively
- Adaptability to fast-paced and dynamic environments
- Continuous learner with a passion for security
- Strong technical aptitude
- Effective time management and organizational skills
- Team player with a supportive attitude
- Innovative thinking and ability to propose new solutions
- Strong resilience and ability to handle pressure
- Commitment to continuous improvement and professional development
- Demonstrated leadership abilities and influence in a team setting

What you can expect (benefits)

- Competitive salary range commensurate with experience
- Comprehensive health, dental, and vision insurance
- Employer-paid life and disability insurance
- Flexible work hours and remote work options
- Generous paid time off (PTO) and holidays
- 401(k) retirement plan with company match
- Professional development opportunities and reimbursement for relevant certifications
- Access to cutting-edge security tools and technologies
- Continuous learning and training opportunities
- Employee wellness programs, including mental health support
- Opportunities for career advancement within the company
- Collaborative and inclusive work culture
- Employee recognition and reward programs
- Subsidized transportation or parking benefits
- Casual dress code
- Company-sponsored events and social activities
- Access to a company-wide mentorship program
- Paid parental leave and family support programs
- Stock options or equity opportunities (if applicable)
- Employee assistance programs (EAP)
