Please send your updated resume to workwithus@kimbal.io

You will hear from us as early as possible. We wish you our best! Team Kimbal

Application Security Engineer

At Kimbal

Application Security Engineer: The Application Security Engineer is an Individual Contributor role responsible for maintaining Kimbal Technologies' Application Security posture. The role requires working closely with the Development & Quality Assurance teams to help them understand what security flaws they need to watch out for and how to fix the ones already present in the application.

A TYPICAL DAY OF AN Application Security Engineer AT KIMBAL

  • Conducting regular internal Vulnerability Assessments and Penetration Tests on all Kimbal Applications, both on the Source Code and Running Code.
  • Prioritising identified vulnerabilities based on risk to the security of the application and business, and preparing a mitigation plan.
  • Following up on all identified vulnerabilities as per the mitigation plan and working with Development & Quality Assurance teams to close them.
  • Supporting the preparation of application security releases with Development & Quality Assurance teams.

CURRENT MAJOR CHALLENGES FOR THE POTENTIAL HIRE TO RESOLVE:

  • Developing and maintaining Kimbal Technologies Application Security Policies and Procedures.
  • Performing application security-focused code reviews on all Kimbal Applications.
  • Maintaining technical documentation and threat modelling, and automating application security scans and tests.
  • Validating the latest application security improvements, including Zero Day Vulnerabilities, with additional application testing.

KIMBAL DESIRES THE Application Security Engineer TO HAVE:

  • Knowledge of OWASP Top 10 + SANS CWE Top 25 is a MUST.
  • Proficiency with penetration testing tools, including but not limited to Metasploit, Burp Suite, Nmap, Kali Linux, SSL Labs and OWASP ZAP.
  • Knowledge of scripting and programming languages (e.g., Python, Ruby, Bash) for custom tool development and automation.
  • Knowledge and implementation of the OWASP Application Security Verification Standard will be a big PLUS.
  • OS knowledge: Windows / Ubuntu.
  • Knowledge of the .NET platform.