- Company Name: Ashley Furniture Industries
- Job Title: Application Security Engineer III
- Job Description:
**Job Title:** Application Security Engineer III
**Role Summary:**
Responsible for identifying, analyzing, and remediating security vulnerabilities across the organization’s application portfolio. Leads application security assessments, code reviews, tool implementation, and integration of secure practices into the SDLC. Provides guidance to development teams, monitors incident response, and drives metrics for the application security program.
**Expectations:**
• Perform comprehensive application security testing (static, dynamic, interactive) and vulnerability scans.
• Review code and architecture to uncover security weaknesses.
• Advise on secure coding and architecture, ensuring adherence to industry best practices.
• Report findings with actionable remediation plans.
• Monitor and respond to security incidents related to application vulnerabilities.
• Benchmark program performance and recommend improvements.
**Key Responsibilities:**
1. Conduct static, dynamic, and API security assessments using tools such as Fortify, Checkmarx, and Veracode.
2. Perform code reviews to identify OWASP Top 10 and other critical vulnerabilities.
3. Design, maintain, and evolve security testing procedures and tool configurations.
4. Collaborate with development teams to embed security controls early in the SDLC.
5. Produce detailed vulnerability reports with remediation guidance.
6. Respond to application‑related security incidents and support incident‑response efforts.
7. Deploy and manage application security tools (WAFs, scanning platforms).
8. Develop and track KPIs for the application security program.
9. Create and maintain security process documentation.
10. Conduct security awareness sessions for developers.
11. Evaluate and recommend new security technologies and tools.
12. Assist in the development of security policies and standards.
**Required Skills:**
- Proficiency with application security testing tools (Fortify, Checkmarx, Veracode).
- Experience with Web Application Firewalls and related security controls.
- Deep knowledge of OWASP Top 10, secure coding practices, and SDLC integration.
- Familiarity with Java, .NET, Python, JavaScript, and API security testing.
- Understanding of penetration testing methodologies.
- Cloud security fundamentals (AWS, Azure, GCP).
- Knowledge of compliance frameworks (PCI‑DSS, NIST, ISO 27001).
- Strong analytical, problem‑solving, and communication skills.
- Ability to work cross‑functionally with development, operations, and compliance teams.
**Preferred Skills:**
- Experience with containerized and serverless architectures (Docker, Kubernetes, Serverless).
- Familiarity with automated CI/CD security pipelines.
**Required Education & Certifications:**
- Bachelor’s degree in Computer Science, Information Security, or related field.
- ≥5 years of application security or related experience (or equivalent education/experience).
- Professional security certifications preferred: CISSP, CEH, OSCP, or comparable.
- Demonstrated experience in vulnerability assessment, penetration testing, and web application architecture security.