Application Security Engineer
Afiniti
Islamabad, Pakistan
3d ago

Who are we?

Afiniti is the world’s leading applied artificial intelligence and advanced analytics provider. Afiniti Enterprise Behavioral Pairing™ uses artificial intelligence to identify subtle and valuable patterns of human interaction in order to pair individuals on the basis of behavior, leading to more successful interactions and measurable increases in enterprise profitability.

Afiniti operates throughout the world, and has measurably driven billions of dollars in incremental value for our clients.

Purpose

Afiniti is seeking to hire an innovative and motivated individual who, under general direction, can work with a high level of autonomy and uses knowledge and skills obtained through education and experience to be the liaison between the Afiniti Information Security department and the internal Afiniti software development teams as well as their management.

The primary objective of this position is to provide security support for all application and software development and to ensure the software development teams have the appropriate knowledge, tools and resources to create secure applications and services.

The Application Security Engineer will work closely with the software development teams as well as the internal Information Security teams to ensure the Afiniti SDLC process is being followed and appropriate evidence is available for external auditors as well as client inquiries.

Key Responsibilities

  • Build and maintain effective relationships with all internal software developers and their management
  • Ensure all software development teams are aware of, and following, the Afiniti SDLC
  • Ensure all internal software development teams are using the appropriate code repositories, with the appropriate controls in place for confidentiality, integrity and auditability
  • Ensure all internally developed software is undergoing code analysis (static and dynamic) and the identified vulnerabilities are being properly addressed through training, awareness, peer reviews and best practices for coding
  • Collaborate with the internal developers to ensure software is developed following secure-coding practices
  • Encourage a security culture across the company; ensure developers are aware of core security values to emphasize risk-based judgments, security in product designs, and prioritizing security remediation work
  • Perform or coordinate risk assessments for applications and underlying systems, including 3rd party penetration tests
  • Disclose all identified vulnerabilities to the appropriate software development personnel, teams and their management
  • Ensure development teams understand the vulnerabilities and possible remediation solutions
  • Track and follow up on the remediation of any identified or discovered vulnerabilities
  • Design POCs of possible attacks related to the discovered vulnerabilities
  • Ensure development teams have access to secure coding training and best practices (e.g. OWASP)
  • Ensure development teams have access to the proper resources (tools) to create secure applications and services
  • Help to maintain our Secure Software Development Life Cycle in all its different stages
  • Maintain up-to-date knowledge on current and future security threats and vulnerabilities
  • Assist the Afiniti Information Security team as needed

The ideal candidate will have

  • 5 to 8 years of professional experience
  • Software development experience across multiple technology stacks and languages
  • Knowledge of using practical implementation to advise software development and implementation teams on secure design and how to fix potential vulnerabilities
  • Experience with secure coding techniques
  • Knowledge of Internet security issues and threat landscapes
  • Good understanding of application security standards, frameworks, attack methods, and mitigation best practices (e.g., OWASP, SANS, NIST)
  • Ability to write scripts using bash, PowerShell, Python, Perl, etc.
  • Knowledge of several of the following technologies: vulnerability scanning tools (Burp Suite, Acunetix, AppScan, fuzzers), etc.
  • Current knowledge of security threats, solutions, security tools and network technologies
  • An understanding of, or proficiency in, information security and compliance regulations (ISO 27001, PCI DSS, GDPR, SSAE-18, SOX)
  • Keen ability to diagnose and troubleshoot technical issues; excellent problem-solving skills
  • Fluency in English, written and spoken, is a must
  • Excellent documentation and communication skills
  • Must be able to work independently and also be a team player
  • You may be required to travel on an as-needed basis

Education & Qualifications

  • Bachelor’s degree in an IT-related discipline
  • CEH, CHFI, CISSP or similar security-related certification
  • In lieu of certifications, at least 5 years of information security, software development, or risk management experience

Salary & Package

As well as a competitive base salary dependent on the number of years of experience, we also offer generous stock options, an annual discretionary bonus plus corporate benefits.
