Senior Application Security Engineer - ( Penetration Testing - AWS, Azure and Microservice ,C/C++, Python)

Who is Forcepoint?

Forcepoint simplifies security for global businesses and governments. Forcepoint's all-in-one, truly cloud-native platform makes it easy to adopt Zero Trust and prevent the theft or loss of sensitive data and intellectual property no matter where people are working. 20+ years in business. 2.7k employees. 150 countries. 11k+ customers. 300+ patents. If our mission excites you, you're in the right place; we want you to bring your own energy to help us create a safer world. All we're missing is you!

About the role:

Forcepoint is looking for a highly motivated Senior Application Security Engineer to join our Product Security team who is passionate about security. In this role, you will be responsible for integrating and verifying security in all phases of the Secure Software Development Lifecycle. As an Application Security Engineer at Forcepoint, you will work closely with product and software development teams to threat model, vulnerability scan, and pen test software, systems, network, and cloud architectures to identify security issues. Additionally, you will work closely with developers to diagnose, document, and remediate application security vulnerabilities.

• Collaborate closely with application development and platform teams to champion and help ensure security throughout the software lifecycle.
• Perform static/dynamic code testing, manual code inspection, threat modeling, design reviews and penetration testing of internal web applications, and cloud hosted applications applications to identify vulnerabilities and security defects.
• Provide assistance in the management of inquiries to the product security incident response team (PSIRT) by assisting in product security incident response activities.
• Build positive relationships with partner teams in IT, DevOps, Software Engineering, and Product Management to improve our application security strategies and priorities for protecting our customers and company.
• Provide training and leadership for secure software practices.

• Five or more years of penetration testing with three or more years of performing security tests and assessment on enterprise networks, Web and native applications using offensive tools and techniques such as Metasploit, Burp, Kali Linux, Fuzzing etc.
• Competency in AWS, Azure and Micro Service security model such as Kubernetes, Docker, Terraform.
• Security code review and development experience in several of the following languages: C/C++, Python, Java or JavaScript, Perl.
• Proficiency with OS privilege and permission models.
• Experience in performing security audit in Server and Endpoint OS: Linux, Windows and MacOS.
• Experience in adopting various methodologies of Threat Modelling, applied to large scale and complex software systems.
• Highly motivated in researching emerging security topics and new attack vectors.

• Bachelor's degree in Computer Science and five or more years of experience in a relevant field, cyber security, or equivalent experience.
• Knowledge in OS kernel is a plus.
• Organized and capable of executing complex plans with minimal direction.
• Possess a strong understanding of application architectural patterns, such as MVC, Microservices, Service Oriented Architecture, Serverless, Message bus/event driven, etc.
• Understanding of how data flows through an application and/or network and connected components (SMTP, LDAP, Database servers).
• Thorough understanding of coverage and risk as an outcome of pen testing as it relates to product security posture and business needs.
• A year or more working in a "work from home" / remote capacity.
• High level, written and verbal English communication skills to both technical and non-technical leaders.