Application Security Engineer

Overview

In collaboration with development and architecture teams, the Application Security Engineer will define security controls in Black Line's software, identify and prioritize vulnerabilities in the application, databases, and related infrastructure components, provide resolution guidance to the development team, perform source code reviews, conduct application security tests, monitor security events and audit trails, and respond to incidents. This position will also be responsible for educating and mentoring developers on secure coding and application security best practices.

• Identify risks and areas of exposure in applications developed and/or used by Black Line.
• Perform security reviews of source code, stored procedures, and server/service configurations.
• Define and document application security requirements for Black Line applications.
• Oversee development of security components throughout all stages of the SDLC.
• Perform manual and automated security testing of Black Line applications.
• Monitor application logs and audit trails.
• Monitor industry trends and threat landscape and recommend necessary controls or countermeasures.
• Educate developers on secure coding techniques and security best practices.
• Participate in development of security policies, standards, and processes.
• Participate in incident handling and perform application-related forensics activities.
• Perform other duties as assigned.

• Bachelor's degree in Computer Science or related field.
• 2+ years of hands-on application security experience.
• Hands-on development experience and thorough understanding of object-oriented programming.
• Advanced knowledge of web application technologies, MVC, Ajax, XML, SOA, SSL, web-related protocols and services.
• Intermediate knowledge of MS SQL.
• Basic knowledge of other commonly-used RDBMS.
• Ability to identify security vulnerabilities from source code reviews and testing.
• Knowledge of encryption technologies, secure communications, and secure credentials management.
• Advanced experience with at least one scripting language (e.g.: Perl, Python).
• Intermediate proficiency with C/C++ or Java.
• Advanced knowledge of common application vulnerabilities (e.g.: XSS, CSRF, SQL injection, cookie/header/encoding manipulation, input/output validation, session replay).
• Intimate familiarity with web application testing tools (e.g., Burp, Parox, Fiddler, Havij, netcat).
• Ability to define application security requirements and build secure web application solutions.
• Advanced written and verbal communication skills including ability to present technical subjects to non-technical audiences.
• Strong work ethic, attention to detail, and organizational skills.
• Ability to multi-task and manage priorities in a fast-paced environment.
• Ability to collaborate in a team and work independently.
• Conceptual understanding of software development principles and SDLC models.
• Intermediate proficiency with the Microsoft Office suite.
• Windows and Linux operating systems knowledge at advanced user level.

• Thorough understanding of Java, C#, ASP.NET.
• Experience with lower-level languages (Assembly), debug and reverse-engineering tools (IDA, etc.).
• Ability to write proof-of-concept exploits.
• Agile experience.

• A technology-based company with a sense of adventure and a vision for the future. Every door at Black Line is open. Just bring your brains, your problem-solving skills, and be part of a winning team at the world s most trusted name in Finance Automation!
• A culture that is kind, open, and accepting. It s a place where people can embrace what makes them unique, and the mix of cultural backgrounds and varying interests cultivates diverse thought and perspectives.
• A culture where Black Line s continued growth and learning is empowered. Black Line offers a wide variety of professional development seminars and inclusive affinity groups to celebrate and support our diversity.

Black Line is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to sex, gender identity or expression, race, ethnicity, age,…