Santa Barbara, CA
The Application Security Engineer is responsible for developing and strengthening web application security programs for Yardi software products by participating in static and dynamic code analysis, managing application penetration testing, developing automated integrations, and creation of application security training materials.
- Performs application and environment security testing, evaluation, and hardening.
- Conducts automated static and dynamic code analysis with report creation and delivery.
- Coordinates penetration testing and remediation efforts with application development and systems support teams.
- Develops internal automation and integrations with implemented security services.
- Collaborates with development teams to effectively maintain security in the SDLC and CI/CD pipelines following industry best practices
- Develops internal compliance documentation.
- Bachelor’s Degree in Computer Engineering, Computer Science, or related field.
- Three plus (3+) years of experience working in Information Security.
- Two plus (2+) years of experience with static and/or dynamic code analysis and scanning tools.
- Two plus (2+) years of experience with enterprise level software development, including secure coding practices and enterprise cloud architectures.
- Relevant Information Security industry certifications.
- Understanding of enterprise web application design and API delivery methods.
- Proficiency in at least one of the following: ASP.NET, Java, Mobile (IOS/Android).
- Understanding of web application security principles and tools, including OWASP Top 10.
- Understanding of penetration testing, common vulnerability analysis techniques and information security threat vectors.
- Strong written and verbal communication skills
- Strong teamwork and collaboration skills
- Regular attendance is an essential function of this job