Application Security SAST Engineer
Posted Apr 20, 2021 - Requisition No. 90270
The Product Security team is dedicated to making our products and technologies as secure as possible. We report into the CISO, but work closely with engineering teams, product teams, and others across the organization to integrate security into the product life cycle from design through deployment. Our colleagues depend on us to be application, network, and host security pros. We specialize in defining security requirements, performing application security assessments, and providing developers with remediation advice. On any given day we're performing security reviews on internal and third party applications, providing guidance on security/coding best practices, as well as evaluating processes, network design, and access controls.
What is the Role?
As an Application Security SAST Engineer you will leverage your deep understanding of SAST tools in order to ensure their efficient and effective operation against our code base and custom frameworks. You will work with team members to improve SAST tool processes and workflows, as well as write custom rules to address gaps identified by team members performing tool assisted security reviews.
We will trust you to:
- Maintain SAST tools used by security teams and developers
- Write custom SAST tool rules to better identify security vulnerabilities
- Validate SAST tool findings and identify areas for improvement
- Provide remediation guidance to programmers and management
You will need to have:
- Experience configuring and writing custom rules for Fortify or Checkmarx
- Experience triaging security vulnerabilities
- Deep understanding of common security vulnerabilities and attack vectors
- Experience writing and maintaining Python code
- Ability to read and understand C/C++ code
- The ability to communicate complicated technical issues and risks to programmers, network engineers and managers.
We'd Love to See:
- Experience reporting SAST tool and vulnerability metrics to management
- Developer experience in Python or C/C++
- Experience integrating multiple SAST tools into a security program
If this sounds like you:
Apply if you think we're a good match. We'll get in touch to let you know what the next steps are.
We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.