Senior Application Security Engineer
| Field | Details |
|---|---|
| Company | CLEAR |
| Location | New York, NY, USA |
| Salary | $170000 – $215000 |
| Type | Full-Time |
| Degrees | |
| Experience Level | Senior |

Requirements
- Minimum of 5 years of experience in software development and implementing security into SDLC processes
- Minimum 2 years relevant architecture experience with expert level knowledge of application systems design and integration
- Comprehensive knowledge, experience, & understanding of testing for the OWASP Top 10 or CWE Top 25, including PoCs, automating attacks, and secure code remediation
- Strong understanding of Software Security Architecture and Design, SDLC, CI/CD, and the ability to clearly articulate best practices for application security
- Experience with evaluating, deploying, and managing application security tools (e.g. DAST, SAST, IAST, RASP, WAF) and building strong vendor relationships
- Strong programming and scripting experience in Python, BASH, Go, Java, JavaScript or similar
- Experience using security testing tools such as Burp Suite, Metasploit, OWASP ZAP, nmap, Frida, etc.
- Experience with mobile platform-specific security, privacy, and permission concepts for iOS & Android mobile platforms as well as mobile technologies such as WebViews, TouchID/FaceID API, etc.
Responsibilities
- Partner with the company’s Product, Software Engineering, DevOps, and IT teams
- Perform security risk assessments, manual penetration security testing, automate security testing, threat modeling, and develop/conduct education on secure coding
- Deliver security products and consult with DevOps, as part of a high-profile security team, supporting automated security testing as part of CLEAR’s next-generation CI/CD pipelines
- Lead internal and external penetration tests across CLEAR’s most critical assets, as well as triage issues with internal stakeholders for remediation
- Develop functional and non-functional security requirements
- Conduct security assessments, code reviews, and penetration tests to identify vulnerabilities in applications and software
- Implement and manage security tools, including SAST, DAST, SCA, and other security automation frameworks
Preferred Qualifications
No preferred qualifications provided.