Application Security Engineer at AFEX

Job Summary

• As an Application Security Engineer, you will play a crucial role in ensuring the security and integrity of our applications at the Commodities Exchange.
• You will be responsible for designing, implementing, and maintaining robust security measures and practices throughout the software development lifecycle.
• Collaborating with development teams, you will identify potential vulnerabilities, conduct security assessments, and provide guidance on secure coding practices.
• Your expertise will help safeguard our applications and protect sensitive data from potential threats.

Responsibilities

• Design and implement application security practices, frameworks, and guidelines to ensure secure development and deployment of software applications.
• Collaborate with development teams to conduct security reviews and identify potential vulnerabilities and risks.
• Perform manual and automated security testing of applications to identify and remediate security weaknesses.
• Conduct code reviews to identify and address security vulnerabilities in application code.
• Develop and deliver training sessions on secure coding practices for development teams.
• Implement and maintain application security tools and technologies, such as static code analysis, vulnerability scanning, and penetration testing tools.
• Stay updated with the latest security threats, vulnerabilities, and best practices related to application security.
• Participate in incident response activities, including investigations, root cause analysis, and remediation of security incidents.
• Work closely with cross-functional teams, including DevOps and Security Operations, to ensure a comprehensive and integrated security approach.
• Collaborate with external security vendors and auditors to conduct security assessments and audits.

Requirements

• Bachelor’s degree in computer science, Information Security, or a related field
• At least 3 years of experience in application security or a related role
• Strong knowledge of application security principles, secure coding practices, and common vulnerabilities (e.g, OWASP Top 10)
• Experience with manual and automated application security testing techniques, tools, and frameworks
• Familiarity with industry-standard security frameworks, such as NIST, ISO 27001, or PCI-DSS
• Proficiency in modern programming languages such as JavaScript or Python
• Knowledge of web application architectures, APIs, and web services
• Experience with secure software development lifecycle (SDLC) practices, including threat modeling and secure code reviews.
• Familiarity with cloud platforms (e.g., AWS, Azure, Google Cloud Platform) and their security controls
• Excellent analytical and problem-solving skills
• Strong communication and interpersonal skill