Application Security Engineer

Washington, DC
Nov 01, 2022
Feb 17, 2023
Engineering, Security
Full Time
Job Description

The Washington Post's Cybersecurity team is looking for an entry-level Application security engineer with software development experience. You will be responsible for assisting with consistent Secure coding practices for all WaPo technology projects throughout the planning and delivery cycles and ensuring that application security vulnerabilities are mitigated. In this position, you are a passionate and talented application security engineer with a very deep understanding of OWASP, CWE 25, Data Protection, Access management, software vulnerabilities, and best practices design. You must be able to communicate effectively with stakeholders and coach developers to produce secure code.

  • You are an energetic learner who is able to grasp new processes and technologies.
  • You are able to communicate effectively to both technical and non-technical audiences appropriately.
  • You have the aptitude to simplify and communicate complex ideas/solutions and influence a collaborative workplace.

  • Work as part of a team of software and security engineers to design/maintain and build best-in-class secure products and services
  • Build strong relationships with product development teams and serve as a technical point of contact as it relates to Product Application Security Operations
  • Perform vulnerability assessments and code reviews on products developed by WaPo.
  • Manage the Bug Bounty program and work alongside security researchers to triage findings.
  • Improve accessibility of security through automation, continuous integration pipelines, and other means.
  • Understand existing processes and identify ways to improve and streamline them in order to improve team efficiency and effectiveness

  • Bachelor's degree in Computer Science or a related technical field, or equivalent practical experience.
  • 2+ years of relevant industry experience in software development and application security.
  • 2+ years of AWS experience with relevant AWS security certifications
  • Demonstrable coding experience in one or more general purpose languages (Java, Python, NodeJS)
  • Experience in Web Application Firewall deployment and operation.
  • Experience with attacks and mitigation methods, with experience working in two or more of the following: Web application and browser security; Security assessments and penetration testing; Authentication and access control; Applied cryptography and security protocols; Security monitoring and intrusion detection, Incident response and forensics; Development of security tools, automation or frameworks.

Wherever you are in your life or career, The Washington Post offers comprehensive and inclusive benefits for every step of your journey:
  • Competitive medical, dental and vision coverage
  • Company-paid pension and 401(k) match
  • Three weeks of vacation and up to three weeks of paid sick leave
  • Nine paid holidays and two personal days
  • 20 weeks paid parental leave for any new parent
  • Robust mental health resources
  • Backup care and caregiver concierge services
  • Gender affirming services
  • Pet insurance
  • Free Post digital subscription
  • Leadership and career development programs

Benefits may vary based on the job, full-time or part-time schedule, location, and collectively bargained status.

The Post strives to provide its readers with high-quality, trustworthy news and information while constantly innovating. That mission is best served by a diverse, multi-generational workforce with varied life experiences and perspectives. All cultures and backgrounds are welcomed.

The innovation doesn't end in the Newsroom - dozens of teams power The Washington Post. We are now hiring the next innovator - how will you Impact Tomorrow?


Similar jobs

More searches like this