Reporting to the Director of Software Engineering, the Application Security Engineer is responsible for assisting the Development, Production Engineering, and Security Operations teams with application-level security assessment and threat mitigation.
- Review merge requests from Development and Production Engineering teams to proactively address security concerns before changes are merged to master
- Validate and address findings from static analysis tools
- Perform routine internal penetration testing
- Develop and evangelize secure programming standards
- Conduct periodic internal software security audits
- Validate, address, and document responses to security findings from third-party penetration testing engagements
- Other duties as assigned
- The above statements are neither intended to be an all-inclusive list of the duties and responsibilities of the job described, nor are they intended to be a listing of all of the
skills and abilities required to do the job. Rather, they are intended only to describe the general nature of the job. This job description is not a contract of employment,
either express or implied. Employment with Cofense will be voluntarily entered into and your employment is considered at will. Cofense reserves the right to alter the job
description at any time without notice.
Knowledge, Skills and Abilities Required
- Are able to read and write Ruby code
- Deep knowledge of the Ruby on Rails and Java Spring web frameworks preferred
- Have working knowledge of AWS or other cloud computing platforms preferred
- Have used static analysis tools such as Brakeman and Bundler-Audit desired
- Familiarity with proxies, firewalls, mail infrastructure, and other solutions commonly seen in large enterprises preferred
- Can comfortably use advanced git features such as rebase, rebase -i, merge --no-ff preferred
- Passionate about application security
- A self-starter who can identify work that needs to be done without waiting for direction
- Able to work effectively and be pragmatic as part of a remote team in a dynamic business environment
- Comfortable working independently but able to escalate problems when necessary
- Demonstrate strong oral and written communication skills
- Eager to learn; able to understand and apply new things relatively quickly
- Willing to mentor and guide fellow team members kindly and constructively
- Enjoy sharing knowledge via documentation
- Available to work off-hours as necessary
- Happy to travel occasionally for team meetings and events
- Can write PoC code and documentation that clearly demonstrate vulnerabilities
- Are proficient with or able to quickly learn automation tools such as Selenium
- Are able to find solutions to challenging technical puzzles with atypical constraints
- Can effectively use git and understand common SCM workflows
- Are able to write code that is intentional and readable rather than magically obscure
- Enjoy tinkering
- Can list and demonstrate examples of the OWASP Top 10; have experience playing with railsgoat preferred
- Familiarity with BDD preferred
Education and/or Experience:
- Have extensive professional experience in information security, as a vulnerability researcher, QS engineer, or developer
- Previous professional, full-stack app-sec experience preferred
- Experience using CI environments (Jenkins/Docker) preferred
- Four-year degree preferred
- Customer support experience (retail, help desk, consulting, etc.) preferred
In 2008, PhishMe was launched and fulfilled our vision of leveraging the everyday employee in the fight against phishing. After all, it’s the employee being targeted. Fast forward to today and we now have a full suite of phishing defense solutions and a new name that represents our focus on building an organization-wide collaborative, collective defense. Cofense.
Cofense combines market-leading incident-response technologies with employee-sourced attack intelligence for a complete collective defense against email-based cyber-attacks. With Cofense, you can disrupt attacks at delivery and stay ahead of breaches. Imagine a time when every user becomes an instinctual node on the network, feeding actionable intelligence to security teams. Where technology and users alike work together, creating a cycle of unparalleled vigilance and response. And where unmatched human aptitude meets the speed and orchestration of technology to find and eliminate threats.
This is the new state of collective defense – cyber security purpose-built to crash test every email. Designed to anticipate and disrupt the attack kill chain at delivery, triggering enterprise-wide detection and security automation and orchestration.
Today this is all made real for thousands of businesses around the world, from the global 2,000 to small and medium enterprises, representing all industries and verticals. Led by a team of pioneering cybersecurity experts, Cofense sharpens your organization’s aptitude for detection and delivers unprecedented engagement, response, and mitigation.
Move from one to many. Discover a new paradigm of cohesion and cooperation. With Cofense, you experience the power of the collective