Job Description
The Application Security Engineer will work closely with developers and other security team members to maintain and improve the security posture of AppFolio applications. They will contribute to security initiatives as an individual contributor and work on high-impact projects as a member of the Security Engineering team. This will be accomplished with computer programming experience, an understanding of common Application Security vulnerabilities, an ability to use security testing tools and a strong passion for the technical aspects of information security.
Your impact
- Identify vulnerabilities in software applications and help get them fixed
- Provide security guidance and education to developers in order to build a strong security culture and bake security into products early
- Continuously improve tools and techniques in an Application Security pipeline
Must have
- B.S. in Computer Science or equivalent work experience
- 2-5 years of work experience programming in Ruby or a similar language
- 2-5 years of work experience with a CI/CD pipeline
- 2-5 years of work experience with threat modeling or risk assessment
- 2-5 years hands-on work experience evaluating applications for OWASP Top 10 security risks and recommending fixes/mitigations
- 2-5 years hands-on work experience with an enterprise Linux command line
- 2-5 years hands-on experience with Application Security testing tools (SAST, DAST, SCA, Web Proxies like Burp or ZAP)
- Familiarity with an MVC Framework like Rails
Nice to have
- Knowledge of networking principles and cloud platforms
- Knowledge of databases and SQL
- Knowledge of Cloud technologies
Compensation & Benefits
Please note that base pay is one important aspect of a compelling Total Rewards package. The base pay range indicated here does not include any additional benefits or bonuses/commissions that you may be eligible for based on your role and/or employment type.
Regular full-time employees are eligible for benefits - see here.
#LI-KB1