America First Credit Union

Application Security Engineer I

America First Credit Union · Roy, Utah, United States

Financial Services · 1,001-5,000 employees

2 d ago
Mid (2-5 yrs) Full-time United States
Log in to apply, save this posting, or score it against your profile with AI.

About the role

The role focuses on shielding web applications from threats through proactive defense, custom alerting, and secure coding practices. It involves collaborating with development teams and managing the application security lifecycle from design to response.

What they look for

Application Security Secure Coding Threat Modeling Security Design Review Incident Management Penetration Testing Programming Scripting Analytical Problem Solving Communication Skills

Requirements

Requires a Bachelor's degree in Computer Science or a related field and three years of technical information security experience. Candidates must have a grounding in programming and a strong understanding of the secure software development lifecycle.

Full description

Overview

The Application Security Engineer I is a foundational role within the SOC, instrumental in shielding the organization's web applications from malicious threats. This proactive individual will be deeply involved in crafting robust defenses for critical applications, working with development teams to improve secure coding practices, promptly responding to any threats or attacks, and actively contributing to the development of custom alerting use-cases tailored for public-facing applications. They exhibit a broad sense of ownership over application security domains, from prevention and detection to a decisive response, ensuring comprehensive application protection.

Responsibilities

  • Assist with the proactive identification and rapid response to security threats targeting critical applications.
  • Contribute to the development and refinement of custom alerting use-cases to monitor for threats against public-facing web applications.
  • Play an integral part in the application security lifecycle, including policy formulation, security design review, and threat modeling.
  • Participate in the continuous eveolution of security incident management processes and emergency response plans.
  • Work closely with development teams to embed security awareness and best practices into the development life cycle.
  • Engage in continuous education to remain abreast of new threats, vulnerabilities, and security trends.
  • Assist in the coordination and preparation of 3rd-party PenTests.
  • Ability to develop a foundational knowledge/capability of application PenTests.

Qualifications

Education & Experience:

  • A Bachelor's Degree in Computer Science or a closely related field.
  • Three years of experience in information security, in a technical role, preferably with exposure to application security in a corporate environment.
  • Demonstrated participation in security projects with a focus on applications, including internships or academic projects.
  • A grounding in programming and scripting languages, and an appreciation for the secure software development lifecycle.

Skills & Qualifications:

  • A proactive mindset with a thorough sense of responsibility for all aspects of application security.
  • Effective communication skills to articulate security needs and breaches to technical and non-technical stakeholders.
  • Capability to juggle multiple security tasks with an analytical approach to problem-solving and a keen eye for detail.