Application Security Engineer

US citizenship required
3+ years of experience in Application Security identifying security risks, developing mitigation plans, and implementing security features and solutions
3+ years of experience in Penetration testing
2+ years of experience with SAST, DAST, dependency scanning and vulnerability management tools like Snyk, GitHub Dependabot, Burp Suite
2+ years of modern high-level programming language like Python, Golang or equivalent
Hands-on experience with cloud-native security best practices across AWS, GCP, and/or Azure
In-depth knowledge of application security, network security, authentication, authorization, identity systems, encryption, AI/LLM security and secure coding practices
BS+ in computer science or a related field, or equivalent relevant experience

Lead Security Reviews: Engage proactively in design discussions and data handling reviews to ensure security is integrated at every stage
Execute Penetration Testing: Carry out targeted penetration tests as part of security reviews for features deemed critical. Identify vulnerabilities and recommend strategies for risk mitigation. Develop and refine testing methodologies to effectively uncover and address security risks
Develop and Maintain AppSec Processes and Tools: Ensure our AppSec processes and CI/CD scanning tools are up-to-date and effective in identifying and mitigating vulnerabilities
Contribute to Application Security (AppSec) Program Enhancements: Play a key role in the continuous improvement of the Application Security program at Moveworks, focusing on effective security outcomes
Collaborate with Cross-Functional Teams: Partner with machine learning, search, product, infrastructure, data, and frontend teams to design secure solutions
Empower Teams on Security Matters: Enable teams to make informed security-related decisions

No preferred qualifications provided.