Application Security Engineer

Overview

As someone experienced with securing a wide variety of applications, you are looking for an opportunity to use your skills in an innovative and technology-oriented environment. As an Application Security Engineer at Esri, you will fill a critical role in helping secure Esri's intellectual property, networks, and sensitive data against a variety of complex threats with support from all levels of leadership. Our Application Security team collaborates closely with the application development, DevSecOps, and information security departments to design security into our applications up front, perform application layer security testing, and assist developers with vulnerability remediation. We welcome you to join Esri, where you can make a real difference every day!

Responsibilities

• Operate third-party application security testing and scanning solutions
• Collaborate closely with application developers to analyze findings and implement required remediations or countermeasures
• Assess and calculate application risks
• Assist with application layer security reviews of the code developed by our application teams, from planning through release
• Assist with application layer penetration testing to identify potential issues
• Summarize and track findings and remediation activity for presentation to leadership

Requirements

• 2+ years of experience in information security with an emphasis on application security or penetration testing, or 2+ years of software development experience with a focus on securing applications
• Hands-on experience with security analysis of web services technologies such as XML, JSON, SOAP, REST, and AJAX
• Hands-on experience with C#/ASP.NET, Java, and JavaScript source code
• Understanding of various web application frameworks such as ASP.NET, J2EE, and MEAN stack
• Web server configuration knowledge (NGINX, Apache HTTP Server, Apache Tomcat)
• Bachelor’s in computer science or related field, or equivalent work experience

Recommended Qualifications

• Information security or technical certifications such as CISSP, SSCP, GIAC, GSE, CEH, OSCP/OSCE, GPEN/GXPN/GWAPT
• Understanding of layer 2-7 communication protocols, common encoding and encryption schemes, and algorithms
• Proficiency in any of the following languages: C#, Python, Ruby, Perl, Bourne/Bash, PowerShell, Visual Basic, JavaScript, SQL, Java
• Experience using application security solutions such as Burp Suite, Coverity, AppSpider, Acunetix, or Veracode
• Familiarity with the CI/CD pipeline, Git and Jenkins

About Esri

Our passion for improving quality of life through geography is at the heart of everything we do. Esri’s geographic information system (GIS) technology inspires and enables governments, universities, and businesses worldwide to save money, lives, and our environment through a deeper understanding of the changing world around them.

Carefully managed growth and zero debt give Esri stability that is uncommon in today's volatile business world. Privately held, we offer exceptional benefits, competitive salaries, 401(k) and profit-sharing programs, opportunities for personal and professional growth, and much more.

Esri is an equal opportunity employer (EOE) and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability status, protected veteran status, or any other characteristic protected by law.

If you need a reasonable accommodation for any part of the employment process, please email askcareers@esri.com and let us know the nature of your request and your contact information. Please note that only those inquiries concerning a request for reasonable accommodation will be responded to from this e-mail address.

#LI-REMOTE

#LI-NR5