Application Security Engineer

Location
Washington, DC
Posted
Aug 02, 2022
Closes
Aug 24, 2022
Ref
JR-90273811
Function
IT
Industry
Engineering, Security
Hours
Full Time
Job Description

The Washington Post's Cybersecurity team is looking for an entry-level Application security engineer with software development experience. You will be responsible for assisting with consistent Secure coding practices for all WaPo technology projects throughout the planning and delivery cycles and ensuring that application security vulnerabilities are mitigated. In this position, you are a passionate and talented application security engineer with a very deep understanding of OWASP, CWE 25, Data Protection, Access management, software vulnerabilities, and best practices design. You must be able to communicate effectively with stakeholders and coach developers to produce secure code.

Motivation
  • You are an energetic learner who is able to grasp new processes and technologies.
  • You are able to communicate effectively to both technical and non-technical audiences appropriately.
  • You have the aptitude to simplify and communicate complex ideas/solutions and influence a collaborative workplace.


Responsibilities
  • Work as part of a team of software and security engineers to design/maintain and build best-in-class secure products and services
  • Build strong relationships with product development teams and serve as a technical point of contact as it relates to Product Application Security Operations
  • Perform vulnerability assessments and code reviews on products developed by WaPo.
  • Manage the Bug Bounty program and work alongside security researchers to triage findings.
  • Improve accessibility of security through automation, continuous integration pipelines, and other means.
  • Understand existing processes and identify ways to improve and streamline them in order to improve team efficiency and effectiveness


Qualifications
  • Bachelor's degree in Computer Science or a related technical field, or equivalent practical experience.
  • 2+ years of relevant industry experience in software development and application security.
  • 2+ years of AWS experience with relevant AWS security certifications
  • Demonstrable coding experience in one or more general purpose languages (Java, Python, NodeJS)
  • Experience in Web Application Firewall deployment and operation.
  • Experience with attacks and mitigation methods, with experience working in two or more of the following: Web application and browser security; Security assessments and penetration testing; Authentication and access control; Applied cryptography and security protocols; Security monitoring and intrusion detection, Incident response and forensics; Development of security tools, automation or frameworks.


The Post strives to provide its readers with high-quality, trustworthy news and information while constantly innovating. That mission is best served by a diverse, multi-generational workforce with varied life experiences and perspectives. All cultures and backgrounds are welcomed.

The innovation doesn't end in the Newsroom - dozens of teams power The Washington Post. We are now hiring the next innovator - how will you Impact Tomorrow?

#washpostlife

Similar jobs

More searches like this