Esri

Application Security Engineer

Overview

Are you an experienced software developer who craves more variety in your work? In this role, you'll work with development teams to design and build secure solutions, participate in and coordinate penetration testing activities, and generally solve security challenges at massive scale. You will ensure that our services, applications, and websites are designed and implemented to the highest security standards. You will be responsible for analyzing the security of applications and services, discovering and addressing security issues, and quickly reacting to new threat scenarios. Bottom line, you love to write/read code and have a strong curiosity in exploring and testing software with unintended use cases and improving the ability of software to withstand attacks.


Responsibilities: 

  • Read and understand (debug) code written by others in order to troubleshoot and determine a root cause
  • Provide significant secure coding contributions to multiple groups throughout Esri, including the software security team
  • Develop elegant solutions to complex business problems and apply appropriate technologies while following security engineering best practices
  • Foster constructive dialogue and seek resolution when confronted with discordant views
  • Participate fully in the planning of the software security team's work and constantly seek opportunities for process improvement
  • Become a sought-out security resource while having an understanding of the application of information security in a broad range of technical areas
  • Utilize a combination of troubleshooting, technical, and communication skills to handle a mix of disparate tasks which may include project and software development work
  • Perform application security reviews and penetration testing as well as project/research work as needed
  • Lead security training and outreach to internal development teams
  • Provide security guidance documentation and security tool development; facilitate delivery and improvement of security metrics

Requirements

  • Minimum of two years of experience with any combination of the following: threat modeling, secure coding, identity management and authentication, software development, cryptography, system administration, and network security
  • Possess self-drive to keep moving things forward even in the face of ambiguity and imperfect knowledge (avoid “analysis paralysis”)
  • Intermediate knowledge and understanding of security engineering, system and network security, authentication and security protocols, cryptography, or application security
  • Knowledge of relational databases such as SQL Server, Oracle, PostgreSQL, or DB2
  • Experience with various platform architectures including server, desktop, mobile, Linux, and Windows
  • Experience developing middleware software components using core Java, Servlets, JSP, EJBs
  • Proficient with development frameworks and languages (e.g., Java, C/C++, .NET, C#, Python, Perl, Objective C, Swift, etc.) and in writing secure code
  • Experience developing code in a popular Java IDE, i.e. Eclipse/IntelliJ IDEA
  • Fundamental understanding of web services including SOAP and REST
  • Bachelor's in computer science or related field, or equivalent work experience

Recommended Qualifications: 

  • Good understanding of cloud computing platforms and services such as Amazon S3, SQS, EC2 and Azure services such as Blob Service, Table Service, etc.
  • Knowledge of common application security and code analysis tools (e.g., Fortify, Coverity, AppScan, WebInspect, Veracode, Acunetix)
  • Extensive knowledge of the OWASP Top 10 and CWE Top 25
  • Experience implementing security solutions at the business division level
  • Experience exploiting web and web services security vulnerabilities including cross-site scripting, CSRF, SQL injection, XML/SOAP and API attacks
  • An understanding of network and web-related protocols such as TCP/IP, UDP, IPSEC, HTTP, HTTPS, routing
  • Information security certifications (GPEN, OSCP, OSCE, OSWE, CEH, SSCP)

The Company

Our passion for improving quality of life through geography is at the heart of everything we do. Esri’s geographic information system (GIS) technology inspires and enables governments, universities, and businesses worldwide to save money, lives, and our environment through a deeper understanding of the changing world around them.

 

Carefully managed growth and zero debt give Esri stability that is uncommon in today's volatile business world. Privately held, we offer exceptional benefits, competitive salaries, 401(k) and profit-sharing programs, opportunities for personal and professional growth, and much more.

 

Esri is an equal opportunity employer (EOE) and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status, or any other characteristic protected by law.

Job ID: 24296966
Employment Type: Other

Perks and Benefits

  • Health and Wellness

    • Health Insurance
    • Dental Insurance
    • Vision Insurance
    • FSA
    • Life Insurance
    • Short-Term Disability
    • Long-Term Disability
    • On-Site Gym
    • Pet Insurance
    • Mental Health Benefits
  • Work Flexibility

    • Flexible Work Hours
    • Remote Work Opportunities
    • Hybrid Work Opportunities
  • Office Life and Perks

    • Commuter Benefits Program
    • Casual Dress
    • On-Site Cafeteria
    • Holiday Events
    • Company Outings
  • Vacation and Time Off

    • Paid Vacation
    • Paid Holidays
    • Personal/Sick Days
    • Leave of Absence
  • Financial and Retirement

    • 401(K) With Company Matching
    • Relocation Assistance
    • Profit Sharing
  • Professional Development

    • Tuition Reimbursement
    • Promote From Within
    • Access to Online Courses
    • Leadership Training Program
    • Lunch and Learns
    • Internship Program
    • Work Visa Sponsorship
  • Diversity and Inclusion

    • Diversity, Equity, and Inclusion Program
    • Employee Resource Groups (ERG)
    • Founder led

This job is no longer available.
