Applications Security Engineer


Key information

Research, design and development
Professional, Engineer & Manager
3151 E Imperial Hwy, Brea, CA 92821, United States
Regular, Full-time
No Degree
More than 8 years

Job description

Job Summary:
The Application Security Engineer II will assist in planning and defining security controls for Company products and services by identifying and prioritizing vulnerabilities in our embedded operating systems, applications, drivers, databases, and related infrastructure components (on-prem, cloud, and hybrid networking). This position will also provide resolution guidance to the software development team, review code for adherence to security practices, conduct application security tests, monitor security events and audit trails, and respond to incidents. The Application Security Engineer II will also be responsible for educating and mentoring development teams on secure coding and application security best practices. They will work cross-functionally with engineering architecture, software development, and SecDevOps teams.

Duties and Responsibilities:
- Identify risks and areas of exposure in products, applications, and services developed and/or utilized by the Company
- Perform security reviews of source code, stored procedures, and server/service configurations
- Define and document application security requirements for products, applications, and services developed and/or utilized by the Company
- Oversee development of security components throughout all stages of the SDLC
- Perform manual and automated security testing of products, applications, and services developed and/or utilized by the Company
- Monitor application logs and audit trails
- Monitor industry trends and the threat landscape, and recommend necessary controls or countermeasures
- Educate developers on secure coding techniques and security best practices
- Participate in development of security architectures, policies, standards, and processes
- Participate in the Product Security Incident Response Team (PSIRT), handling incidents and performing application-related forensics activities
- Perform proactive research to detect new attack vectors
- Develop threat models based on data flows to identify threat scenarios and determine risk acceptability
- Balance security risk and product advancement within the parameters of the business
- Perform other job-related duties as assigned

Complementary description


Job requirements

Preferred Qualifications and/or Education:
- Bachelor's degree in Information Security, Information Systems, Application Development, Computer Science, Computer Engineering, or other related field; or 5 years of relevant experience
- 3-6 years of hands-on application development experience
- 2+ years of hands-on application security experience
- 1+ years of experience with real-time operating systems, including embedded Linux, Timesys, or other RTOS
- Professional security certification such as CISSP, CEH, or GIAC highly desired
- Intermediate proficiency with C/C++ or Java. Experience with lower-level languages (Assembly) and with debugging and reverse-engineering tools (IDA Pro, JTAG, disassemblers, etc.) is a plus
- Intermediate knowledge of common application vulnerabilities (e.g., XSS, CSRF, SQL injection, cookie/header/encoding manipulation, input/output validation, session replay)
- Intermediate knowledge of SCA/SAST/DAST methodologies, including vulnerability/penetration assessment tools (e.g., Nmap, Nessus, Kali) and web application testing tools (e.g., Burp, Paros, Fiddler, Havij, netcat)
- Knowledge of encryption technologies, secure communications, and secure credentials management
- Knowledge of networking (TCP/IP, VLAN, segmentation) and web (HTTPS/API/REST/JSON) methodologies
- Experience and familiarity with widely accepted vulnerability frameworks and guidance (e.g., CVSS, OWASP, NIST)
- Demonstrated experience scripting with languages like Python, PowerShell, bash, etc. to create and automate security controls
- Familiarity with technical security controls, guidelines, and frameworks outlined by standards such as PCI-DSS, ISO 27001/27013, NIST 800-53, RTCA DO-326A / 356A, and/or EUROCAE ED-202A
- Ability to identify security vulnerabilities from source code reviews and testing
- Experience in writing software security requirements, functional and integration testing, and writing test cases and test procedures
- Ability to write proof-of-concept exploits is a big plus
- Can think like an attacker and use that context to develop threat models
- Experience with cloud, host, network, and application security
- A knack for finding flaws in software and the ability to efficiently communicate how to fix them
- Ability to effectively communicate and educate others on the need for and value of security efforts

Company information

Safran Passenger Solutions

Safran is an international high-technology group operating in the aviation (propulsion, equipment, and interiors), defense, and space markets. Its core purpose is to contribute to a safer, more sustainable world, where air transport is more environmentally friendly, comfortable, and accessible. Safran has a global presence, with 79,000 employees and sales of 16.5 billion euros in 2020, and holds, alone or in partnership, world or regional leadership positions in its core markets. Safran undertakes research and development programs to maintain the environmental priorities of its R&T and Innovation roadmap.

Safran ranks first in Forbes's 2020 list of the World's Best Employers for its sector.

Safran Passenger Solutions focuses on delivering an enhanced passenger experience by providing in-flight entertainment systems, cabin and equipment conditioning control, water and waste management systems, cabin lighting, and advanced equipment and systems for commercial and business jets.