Application Security Engineer

Overview

The application security engineer will work with our developers and security team to build security into our applications by performing security testing and assisting developers in remediating security vulnerabilities. Join our Security Assurance team and conduct full-scope vulnerability assessment and penetration testing to help secure Esri's intellectual property, networks, and sensitive data against a variety of complex threats.

Responsibilities:

  • Work with web application developers to “build security in” as part of Esri’s development lifecycle
  • Manage the automation and orchestration of our testing products
  • Validate the correct operation of security controls within applications
  • Conduct hands-on security testing, analyze test results, document risk, and recommend countermeasures
  • Assist our Web Application Firewall team in implementing appropriate controls for our websites
  • Perform web application penetration testing to identify potential security issues and vulnerabilities
  • Assess/calculate risk based on threats, vulnerabilities, and shortfalls uncovered in testing
  • Coordinate with other business units conducting security testing
  • Ensure automated security testing and orchestration tools are available for use by other business units

Requirements

  • 5+ years of experience in information security with a heavy emphasis on application security, penetration testing, and vulnerability assessment
  • Ability to demonstrate manual testing experience including all of the OWASP Top 10
  • Advanced experience with testing tools such as Burp Suite Pro, AppSpider, Acunetix, among others
  • Understanding of web services technologies such as XML, JSON, SOAP, REST, and AJAX 
  • Understanding of various web application frameworks such as ASP.NET, J2EE, and MEAN stack
  • Web server configuration knowledge (NGINX, Apache HTTP Server, Apache Tomcat)
  • Advanced knowledge and experience with OS and network security
  • Bachelor’s in computer science or related field, or equivalent work experience

Recommended Qualifications:

  • Technical certifications that support pen testing such as CEH, OSCP/OSCE, GPEN/GXPN/GWAPT 
  • Information security certifications such as CISSP, SSCP, GIAC, GSE 
  • In-depth understanding of layer 2-7 communication protocols, common encoding and encryption schemes, and algorithms
  • Previous software development experience to support penetration testing including vuln dev, tool modules, covert tunneling, scanning scripts, passive collection, etc.
  • Proficiency in any of the following languages: C#, Python, Ruby, Perl, Bourne/Bash, PowerShell, Visual Basic, VBScript, PHP, JavaScript, SQL, CFML, Java 
  • Experience in defeating WAFs and other filtering mechanisms

 


The Company

Our passion for improving quality of life through geography is at the heart of everything we do. Esri’s geographic information system (GIS) technology inspires and enables governments, universities, and businesses worldwide to save money, lives, and our environment through a deeper understanding of the changing world around them.

Carefully managed growth and zero debt give Esri stability that is uncommon in today's volatile business world. Privately held, we offer exceptional benefits, competitive salaries, 401(k) and profit-sharing programs, opportunities for personal and professional growth, and much more.

Esri is an equal opportunity employer (EOE) and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status, or any other characteristic protected by law.

 

If you need a reasonable accommodation for any part of the employment process, please email humanresources@esri.com and let us know the nature of your request and your contact information. Please note that only those inquiries concerning a request for reasonable accommodation will be responded to from this e-mail address.

