As an Application Security Engineer, you will be responsible for working with application developers, development managers, product managers, and business units to implement security and technology controls, processes, and best practices for in-house and third-party applications. You will provide technical expertise to establish and implement security related standards, procedures, and guidelines appropriate to securing the existing environment.

Responsibilities:

• Serve as the primary technical contact and expert in all aspect of application security.
• Work closely with application development and platform teams to help formulate and implement a strategy for software security that is tailored to the specific risks facing the organization, including threat modeling and applications security consulting services.

• Assess application security posture through the use of automated tools and manual techniques to identify and verify exposure to common security vulnerabilities.
• Provide remediation guidance to development teams.

• Provide secure application development training to developers and provide guidance on the development of web-based training for ongoing awareness.

• Develop, implement and manage application security policies, standards, procedures, and guidelines that will assist the application development teams in integrating security requirements within their applications and databases.

• Ensure compliance with regulatory, and industry standards for application security.

• Research, recommend, implement, and maintain application security tools.
• Serve as the AppSec subject matter expert for the Incident Response team and investigate any possible incidents impacting the company 
• Perform other related duties as assigned.

EDUCATION/EXPERIENCE/LICENSURE:

• Minimum 3 year of Application Security experience through employment, community involvement, academic or self-study required.
• CISSP, CSSLP, GWAPT, or related certification(s) preferred 
• Possession of an undergraduate degree in computer information technology, computer engineering, or related degree.
  

KNOWLEDGE, SKILLS AND ABILITIES:

• Understanding of OWASP security concepts and common application security risks, such as XSS, XSRF, SQL Injection, Cookie Manipulation, etc.
• Exposure with software penetration testing, secure code review, architectural risk assessment, static code analysis.
• Proficiency in one or more of the following languages: Java/J2EE, Scala, JavaScript, & Python.
• Solid business acumen with ability to work with App Dev, QA and Security teams
• Understand application architectural patterns, such as MVC, Microservices, Event-driven etc
• Familiarity with Metasploit, Burp Suite, Fuzzing, and Jenkins preferred
• Ability to communicate effectively via multiple channels with technical and non-technical staff.
• Ability to be versatile and handle multiple projects and re-prioritizations.
• Ability to maintain self-motivation and to work independently and in team environments.

About Us:

HomeAdvisor and our sister company, Angie’s List, have combined to create the largest Homeservices marketplace in the nation. Part of ANGI Homeservices (ANGI), we connect millions of homeowners across the globe with home service professionals through our innovative and user-friendly products. By creating innovative technology and providing a highly collaborative environment, we have achieved accelerated growth year after year, and have been recognized as a Top Workplace in Denver for each of the past 6 years. 

HomeAdvisor is known for our casual atmosphere that is flexible and focused on productivity. With a generous “take what you need” vacation policy, high collaboration across the business, and the ability for individuals to make a tangible impact, we truly believe in our people and our product. This role will work in our brand-new Headquarters in the RiNo Arts District in Denver, CO.