Strategy is a market leader in enterprise analytics and mobility software, pioneering data-driven innovation. As an Application Security Engineer, you will safeguard software applications by integrating security practices throughout the software development lifecycle and conducting security assessments to ensure resilience against vulnerabilities.
Secure SDLC Integration: Work closely with development teams to integrate security into the SDLC, including threat modeling, secure code reviews, and security testing
Vulnerability Management: Identify, triage, and remediate security vulnerabilities through static and dynamic application security testing (SAST/DAST) and software composition analysis (SCA) tools
Security Assessments & Penetration Testing: Conduct manual and automated penetration testing of web, mobile, and cloud applications to detect security flaws
Secure Code Review: Analyze source code and provide security recommendations to developers to ensure adherence to secure coding best practices
Threat Modeling & Risk Analysis: Perform threat modeling to anticipate potential attack vectors and improve security architecture
DevSecOps Enablement: Support and enhance DevSecOps initiatives by integrating security automation within CI/CD pipelines
Incident Response & Remediation: Assist in investigating security incidents related to applications and work with engineering teams to remediate threats
Security Awareness & Training: Educate and mentor developers on OWASP Top 10, SANS 25, and other security best practices
Qualifications
Required
Bachelor's degree in Computer Science, Engineering, or related field
Minimum 2 years of software development or software security experience in an agile environment
Hands-on experience with SAST, DAST, IAST, and SCA tools (e.g., Checkmarx, Fortify, Veracode, SonarQube, Burp Suite, ZAP)
Fluent in one or more programming languages, such as Python, Java, JavaScript
Strong knowledge of secure coding principles and application security frameworks
Familiarity with security tools (e.g., static and dynamic analysis tools, vulnerability scanners)
Understanding of security standards and regulations (e.g., OWASP, NIST)
Hands-on experience with Generative AI and/or ML in creating innovative applications that enhance productivity and efficiency, coupled with a strong eagerness to learn
Experience with cloud security best practices in AWS, Azure, or GCP
Strong work ethic with a commitment to meeting business needs and effectively collaborating with global colleagues
Effective interpersonal skills; ability to collaborate successfully with both technical and non-technical stakeholders
Ability to articulate complex technical concepts with clarity, supported by effective written and verbal communication skills
Preferred
Benefits
Strategy provides enterprise software for business intelligence, mobile intelligence, and network applications.
Glassdoor rating: 3.7
Founded in 1989
Vienna, Virginia, USA
1001-5000 employees
https://www.strategy.com