About the job: Senior Application Security Engineer
Career Level: Mid-level to Senior.
Location: Onsite - Draper (Utah)
Who We Are:
This is Spearhead Technology — where every challenge is an
opportunity, and every solution is a masterpiece in the making.
As a full-lifecycle IT company, we transcend mere delivery; we
engineer success.
From inception to implementation, our seasoned expertise shepherds
every phase of the journey. Be it planning, analysis, design,
development, testing, or the seamless transition to production,
we stand as steadfast partners in our clients’ progress.
At Spearhead Technology, quality isn't a mere
aspiration—it's our ethos. Rooted in Tech Advisory, our
methodology is guided by insights that spark transformative
outcomes. We recognize the paramount importance of talent
retention. Through a steadfast commitment to work-life balance,
competitive remuneration packages, and an optimized operational
model, we ensure our team remains as exceptional as our
services.
Step into Spearhead Technology, where innovation meets precision, and
together, let's sculpt the future of technology with finesse
and distinction.
Requirements
As an Application Security Engineer, you will work to support the various
processes and procedures related to application security and gathering information from product
engineering teams related to these activities. You will make a difference in promoting a culture
of security inside the engineering organization and work with engineers to produce more secure
applications. You will work to both collect and disseminate information throughout the business
to ensure processes and procedures are operating efficiently and effectively. You will support
the developers in their efforts to secure our applications and assist in the documentation and
tracking of various application security and cloud.
What You Will Do
• Collaborate with engineers, consultants, and leadership to address security risks and
provide mitigation recommendations within the Secure Development Lifecycle (SDLC)
• Build automated code scanning tools to identify security vulnerabilities in application
code and infrastructure code using both open source and commercial tools, integrating
open-source and/or commercial static application code scanning tools with the CI/CD
pipeline
• Enable secure-by-default best practices by developing libraries and frameworks to
prevent future vulnerabilities
• Operate at enterprise scale by building and managing tools that help test, monitor, and
improve application security
• Develop security standards, preferred implementation patterns, secure common
frameworks, and developer documentation and educational materials
• Provide secure developer training to software engineers on how to write secure code
and follow best practices
• Conduct web app penetration testing, code scanning, and dependency scanning that can be
incorporated into the SDLC process and CI/CD pipeline
• Work closely with the development team to provide guidance and mitigate
security vulnerabilities
• Perform security architecture and design reviews of all systems and applications
developed at Acima.
• Provide a leadership role in the development, implementation and maintenance of
consistent application and infrastructure architecture security programs.
Qualifications
• 3+ years of experience working in an application security role
• You have a background in web application development and/or code auditing and can
get deep into the code to find and resolve security problems
• You have experience with static and dynamic code analyzers
• You have experience with software composition analysis tools
• Web application penetration testing and source code vulnerability analysis skills
• Extensive knowledge of internet security issues, cloud architectures, and threat
landscape
• General understanding of application and cloud security threats and vulnerabilities,
including OWASP Top 10, SANS Top 25, etc.
• Professional security certification: CISSP, GIAC, GWEB, GWAP or other similar
credentials.
• Experience with BurpSuite, Zed Attack Proxy (ZAP), or similar dynamic testing tools
• Knowledge of current development practices, including containerized applications,
microservice architectures, serverless architectures, native mobile applications,
responsive web applications, etc., is a plus.
Benefits/Compensation
• DTO (discretionary time off).
• Medical insurance with United Healthcare (IHC network)
• Health Savings Account (HSA) with company contribution.
• Dental insurance (Cigna) and Vision insurance (United Healthcare)
• Paid holidays
• 401K match 6%/3%
• College tuition reimbursement program (STEAM degrees)
Benefits
What’s in it for you:
At Spearhead Technology, we prioritize your well-being and
professional growth. Here's what you can expect:
- Achieve a healthy work-life balance.
- Competitive compensation and abundant growth opportunities.
- Enjoy a standard 5-day workweek with 2 fixed weekly offs.
- Experience an employee-centric environment with supportive policies.
- Benefit from family-friendly and flexible work arrangements.
- Access our Performance Advancement and Career Enhancement (PACE)
initiative and discover opportunities for both personal and
professional growth. From tailored career development plans to
expert counseling services, PACE empowers you to chart your
course to success with confidence and clarity.
Elevate your career trajectory with our Learning & Development
(L&D) program. Join our team and embark on a
transformative journey of upskilling and self-discovery. With
continuous learning as your compass, you'll not only
enhance your expertise but also open doors to new
opportunities, paving the way for career growth and
fulfillment.
Please note:
At Spearhead Technology, we value the importance of
collaboration, learning, and fostering connections with clients,
peers, leaders, and communities. While some in-person engagement
may be required for certain roles, we are committed to providing
flexibility to accommodate your individual work-life balance
needs.
As an equal opportunities employer, Spearhead Technology welcomes
and encourages applications from all members of society. We are
dedicated to creating an inclusive environment where diversity
is celebrated, and individuals are valued for their unique
perspectives and contributions. We do not discriminate on the
basis of race, religion or belief, ethnicity, disability, age,
citizenship, marital or civil partnership status, sexual
orientation, or gender identity.