Application Security Engineer

Full Time
Reston, Virginia
report a problem
Overview


BUILD YOUR CAREER WITH THE COMPANY THAT IS DEFINING THE INTERNET
Verisign operates the infrastructure for a portfolio of top-level domains that today include .com, .net, .tv, .edu, .gov, .jobs, .name and .cc, as well as two of the world's 13 Internet root servers. Verisign's product suite also includes Distributed Denial of Service (DDoS) Protection Services, and Managed DNS.


Reporting directly to the Verisign Application Security Manager, the Application Security Engineer will play a key role in securing all software built and/or used by VeriSign.  The engineer will work with application development teams as well as 3rd party organizations to ensure that security, privacy, and compliance constraints are built into the applications.  In addition to securing applications the engineer will be expected to help develop tools and scripts to enhance the security processes and systems at Verisign. The individual should exhibit the following: strong interpersonal skills, be highly motivated, results oriented, have excellent communication and presentation skills, and be a strong team player. 
 

Responsibilities:
  • Perform manual and automated application vulnerability assessments and document vulnerabilities which were found and provide recommendations for remediation
  • Perform manual code reviews on systems to identify vulnerabilities as a complement to automated vulnerability assessments
  • Provide security recommendations as a subject matter expert for development teams during all phases of development
  • Develop tools and scripts to enhance and automate Verisign’s security systems and processes
  • Validate vulnerability resolutions and ensure they are deployed to production in a timely manner
  • Track open issues and follow up to ensure remediation
  • Participate in the change management process ensuring that all releases are reviewed by security before being approved for production
  • Provide guidance to application groups on application security best practices
  • Enhance and deliver application security training to Verisign engineers
  • Develop automated security tests that can be integrated into a product’s automated test suites
QUALIFICATIONS
  • 8+ years industry experience
  • 4+ years of hands-on application security assessment experience
  • 2+ years of Application development experience
  • Experience with various programming languages (preferred C, C++, Java, Python, and JavaScript)
  • Experience developing API based applications to integrate disparate systems
  • Experience using Burp Suite to perform security assessments (with a focus on manual testing)
  •  Knowledge of the OWASP Testing Framework and OWASP Top 10
  • Experience in implementing security assessments within a continuous integration pipeline highly preferred
  • Methodical and organized; able to manage multiple opportunities, projects, and partners concurrently
  • Able to multi-task and work independently with minimum supervision to meet firm deadlines
  • Performs other special projects or duties as assigned
  • Understanding of Agile methodologies (Kanban, Scrum, pair programming etc.)

JOB: Technology
JOB TYPE: Regular
PRIMARY LOCATION: United States-Washington D.C. Metro-Virginia-Reston
SCHEDULE: Full-time
SHIFT: 1st Shift




Share this job:

Verisign

Verisign, a global leader in domain names and Internet security, enables Internet navigation for many of the world’s most recognized domain names and provides protection for websites and enterprises around the world. Verisign ensures the security, stability and resiliency of key Internet infrastructure and services, including the .com and .net domains and two of the Internet’s root servers, as well as performs the root-zone maintainer functions for the core of the Internet’s Domain Name System (DNS). Verisign’s Network Intelligence and Availability services include intelligence-driven Distributed Denial of Service Protection, iDefense Security Intelligence and Managed DNS.
 
Specialties
Internet Infrastructure Services, Cybersecurity, Network Availability, Domain Names, Cloud Security, DDoS Protection Services, Cyber Intelligence, Managed DNS
Visit Verisign's Social Media pages:
Company Industry: Information Technology and Services
Company Type: Public Company
Company Size: 1,001-5000