Application Security Engineer

Looking to hire your next Application Security Engineer? Here’s a full job description template to use as a guide.

About Vintti

Vintti is a strategic staffing agency that enhances the competitiveness of US businesses. By connecting SMBs, startups, and firms with highly skilled Latin American professionals, we offer a cost-effective solution to talent acquisition. Our model allows companies to access top-tier expertise at rates that significantly reduce overhead costs, enabling businesses to allocate resources more efficiently and boost their bottom line.

Description

An Application Security Engineer is a pivotal figure in safeguarding an organization's software applications from security threats and vulnerabilities. This role involves working closely with development teams to integrate security measures throughout the software development lifecycle, conducting regular security assessments, and identifying potential risks. The engineer also stays updated on the latest security trends and technologies, ensuring that all applications adhere to industry standards and best practices. Through a combination of proactive planning and reactive measures, the Application Security Engineer helps to fortify the software against cyber threats, ensuring data integrity and privacy.

Requirements

- Bachelor's degree in Computer Science, Information Security, or related field.
- Proven experience in application security and secure software development.
- Strong knowledge of security principles, techniques, and technologies.
- Proficiency in security assessment tools (e.g., static and dynamic analysis tools).
- Experience with threat modeling and risk assessment methodologies.
- Familiarity with coding languages such as Java, C#, Python, and JavaScript.
- Understanding of web application architectures and security issues related to them.
- Knowledge of OWASP Top Ten and other security frameworks and standards.
- Hands-on experience with penetration testing and vulnerability scanning tools.
- Strong problem-solving and analytical skills.
- Ability to communicate complex security concepts to technical and non-technical audiences.
- Experience with security incident response and forensics.
- Familiarity with regulatory requirements and industry best practices (e.g., GDPR, PCI-DSS).
- Excellent organizational and documentation skills.
- Experience with DevSecOps practices and integrating security into CI/CD pipelines.
- Strong collaboration skills and ability to work effectively within cross-functional teams.
- Continuous learning mindset with a passion for staying current on security trends and technologies.
- Relevant certifications such as CISSP, CEH, OSCP, or similar are a plus.

Responsibilities

- Conduct security assessments and code reviews to detect vulnerabilities.
- Implement and manage security tools and technologies for application protection.
- Develop, document, and enforce application security best practices.
- Collaborate with development teams to integrate security throughout the software development lifecycle.
- Perform threat modeling and risk assessments for new and existing applications.
- Remediate vulnerabilities through patch management or code changes.
- Monitor applications for signs of security breaches or intrusions.
- Provide training and support for developers on secure coding and security protocols.
- Review and analyze security incident reports and recommend improvements.
- Implement and maintain security policies, procedures, and guidelines.
- Conduct regular security audits and ensure compliance.
- Stay current with the latest security trends, tools, and technologies.
- Engage in penetration testing and vulnerability scanning.
- Develop and maintain security-related documentation, including architecture and design documents.
- Collaborate with IT and other teams to ensure cohesive security measures.

Ideal Candidate

The ideal candidate for the Application Security Engineer role is a highly analytical and proactive individual with a strong background in application security and secure software development. They possess a bachelor’s degree in Computer Science, Information Security, or a related field, complemented by proven hands-on experience in identifying and mitigating security vulnerabilities. With robust knowledge of security principles, techniques, and technologies, this candidate is proficient in using both static and dynamic security assessment tools and is well-versed in threat modeling and risk assessment methodologies. Their technical expertise extends across multiple coding languages, including Java, C#, Python, and JavaScript, and they have a deep understanding of web application architectures and related security concerns, including familiarity with standards such as the OWASP Top Ten. The ideal candidate demonstrates strong problem-solving and analytical abilities, enabling them to dissect complex security challenges and communicate solutions effectively to both technical and non-technical stakeholders. They exhibit excellent organizational and documentation skills, ensuring thorough and precise security documentation and policy implementation. With a collaborative and cooperative attitude, they seamlessly integrate security practices into the software development lifecycle, working closely with development, IT, and other cross-functional teams. Their continuous learning mindset keeps them abreast of the latest security trends and emerging technologies, while relevant certifications such as CISSP, CEH, or OSCP underscore their commitment to the field. This individual is adept at managing multiple tasks and projects, possesses high ethical standards and integrity, and is effective at mentoring and training developers on security protocols. 
They bring a meticulous and detail-oriented approach to addressing security vulnerabilities, coupled with an innovative mindset that fosters the development of cutting-edge security strategies.

On a typical day, you will...

- Conduct security assessments and code reviews of applications to identify vulnerabilities.
- Implement and manage security tools and technologies to protect applications.
- Develop, document, and enforce application security best practices.
- Collaborate with development teams to integrate security practices into the software development lifecycle.
- Perform threat modeling and risk assessment for new and existing applications.
- Remediate identified vulnerabilities through patch management or code changes.
- Monitor applications for security breaches or intrusions.
- Provide training and support to developers on secure coding practices and security protocols.
- Review and analyze security incident reports, providing recommendations for improvements.
- Implement and maintain security policies, procedures, and guidelines.
- Conduct regular security audits and compliance checks.
- Stay updated on the latest security trends, tools, and technologies.
- Engage in penetration testing and vulnerability scanning of applications.
- Develop and maintain security documentation, including architecture and design documents.
- Collaborate with IT and other teams to ensure cohesive security measures.

What we are looking for

- Strong analytical and problem-solving mindset
- In-depth understanding of security best practices
- Ability to think proactively and anticipate security risks
- Strong communication skills, both written and verbal
- Detail-oriented and meticulous in approach
- Adaptability to evolving security challenges and technologies
- Collaborative team player with a cooperative attitude
- Self-motivated with a continuous learning mindset
- Ability to manage multiple tasks and projects effectively
- Strong sense of responsibility and ownership of tasks
- Expertise in identifying and solving security vulnerabilities
- High ethical standards and integrity
- Effective at training and mentoring others in security practices
- Innovative thinker with the ability to develop new security strategies
- Strong decision-making skills under pressure
- Ability to work independently with minimal supervision
- Experience in handling and responding to security incidents
- Commitment to staying current with industry trends and developments
- Excellent organizational and time-management skills

What you can expect (benefits)

- Competitive salary range commensurate with experience and qualifications
- Comprehensive health, dental, and vision insurance plans
- Flexible remote work options or hybrid work model
- Generous Paid Time Off (PTO) and holidays
- Professional development and training programs
- Tuition reimbursement for continuing education
- Retirement savings plans with employer matching contributions
- Employee stock purchase plan (ESPP)
- Life and disability insurance coverage
- Wellness programs and employee assistance programs (EAP)
- Collaborative and inclusive work environment
- Opportunities for career advancement and growth
- Company-sponsored events and team-building activities
- Subscription to professional publications and resources
- Access to cutting-edge technology and tools
