Application Security Engineer, CEH, Jenkins, CI/CD, NoSQL, Python, Linux, SAST, AWS, IDS/IPS, PCI DSS
Salary: 50K + Benefits, Holidays, Discounts
As an Application Security Engineer, you will help to support the security team for an E-commerce platform provider based in Bristol. Your responsibility will be to perform accurate and precise analysis around the development and operations for security. You will also set the correlation of logs/alerts from a multitude of sources and security incidents and mitigating where appropriate.
- Agile methodologies (Kanban, Scrum).
- CI/CD Pipelines (Jenkins, TeamCity, Bamboo etc.)
- Shipping software to production that involves (but is not limited to) C# and .NET web development frameworks, RESTful APIs and event driven architecture, using continuous delivery techniques at a high-volume level of scale.
- Scripting (.Net, Python, Ruby, Node.Js, Bash, PowerShell, Perl etc.)
- HTTP, SSH/TLS, SOAP, and reverse proxies.
- Databases (including SQL and NoSQL) on Windows or Linux
- Secure coding practices and the OWASP Top 10
- Producing/consuming Web/REST/SOAP APIs.
- Security as part of the Software Development Lifecycle (SDLC).
- Developing security features.
- Troubleshooting Linux application problems using knowledge of Linux OS structure, BASH, and tools such as sTrace and gdb.
- Experience working within a DevOps in a cloud environment.
- Experience with security issues, security in the SDLC and the evolving threat landscape.
- Understanding of threat vectors against Windows, Linux or Cloud platforms.
- Current information security standards and regulations such as PCI-DSS, the UK DPA and GDPR
- Working in a Technology environment.
- Writing tools and integrations to produce metrics on application security so that we can quantify risk and show improvement.
- Static code analysis (SAST) software or services.
- Automating security testing of applications and integrating security automation into the software lifecycle.
- Static and dynamic security testing (SAST/DAST) including code scanning, hands on targeted AVAs and ethical hacking.
- Amazon Web Services (AWS) Environments.
- Cloud Services (Amazon Web Services, Microsoft Azure, Google Cloud Platform)
- Ticketing system workflow, routing and resolution documentation.
- Automating security testing security infrastructure tools e.f. IDS/IPS, WAF etc
- Penetration testing.
- Ethical hacking.
- Monitoring security tools for potential threats.
- ELK or other log technology stacks
- Bachelor's degree in Computer Science, Computer Engineering, Network Security, Information Security, Information Technology or equivalent work experience