Application Security Engineer


Overview


Join us in this critical role helping to secure Esri's intellectual property, networks, and sensitive data against a variety of complex threats. Your application layer security expertise will help drive our program, continually maturing our SSDLC processes and policies with full support from senior leadership. You will collaborate closely with Esri’s application development, DevSecOps, and information security departments to build security into our applications, perform application layer security testing, and assist developers with vulnerability remediation. Bring your knowledge and leadership to Esri and make a real difference every day!

Responsibilities


  • Manage and operate third-party application security testing and scanning solutions
  • Collaborate closely with the DevSecOps team to integrate and automate security processes into our CI/CD pipeline
  • Perform application layer security reviews of the code developed by our application teams, from planning through release
  • Perform application layer penetration testing to identify potential issues or vulnerabilities
  • Summarize, track, and present findings to both application and security team leadership; assist developers with required remediation and countermeasures
  • Assess and calculate application risk; create and present metrics and executive summaries

Requirements


  • 5+ years of experience in information security with a heavy emphasis on application security, penetration testing, and vulnerability assessment
  • Hands-on experience using and managing application security solutions such as Burp Suite, Coverity, AppSpider, Acunetix, and Veracode
  • Hands-on experience with security analysis of web services technologies such as XML, JSON, SOAP, REST, and AJAX
  • Understanding of various web application frameworks such as ASP.NET, J2EE, and MEAN stack
  • Web server configuration knowledge (NGINX, Apache HTTP Server, Apache Tomcat)
  • US citizenship and ability and willingness to obtain a security clearance
  • Bachelor’s in computer science or related field, or equivalent work experience

Recommended Qualifications


  • Technical certifications that support penetration testing such as CEH, OSCP/OSCE, GPEN/GXPN/GWAPT
  • Information security certifications such as CISSP, SSCP, GIAC, GSE
  • In-depth understanding of layer 2-7 communication protocols, common encoding and encryption schemes, and algorithms
  • Previous software development experience to support penetration testing
  • Proficiency in any of the following languages: C#, Python, Ruby, Perl, Bourne/Bash, PowerShell, Visual Basic, JavaScript, SQL, Java

About Esri


Our passion for improving quality of life through geography is at the heart of everything we do. Esri’s geographic information system (GIS) technology inspires and enables governments, universities, and businesses worldwide to save money, lives, and our environment through a deeper understanding of the changing world around them.

Carefully managed growth and zero debt give Esri stability that is uncommon in today's volatile business world. Privately held, we offer exceptional benefits, competitive salaries, 401(k) and profit-sharing programs, opportunities for personal and professional growth, and much more.

Esri is an equal opportunity employer (EOE) and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability status, protected veteran status, or any other characteristic protected by law.

If you need a reasonable accommodation for any part of the employment process, please email humanresources@esri.com and let us know the nature of your request and your contact information. Please note that only those inquiries concerning a request for reasonable accommodation will be responded to from this e-mail address.
