Job title: Senior Application Security Engineer
Job type: Permanent
Emp type: Full-time
Location: Paris, France
Job published: 08-01-2020
Job ID: 32114
Contact name: Tom Tushaw
Contact email: tom.tushaw@nicolsonbray.com

Job Description

Location

 Neuilly-Sur-Seine, Paris, France

Salary

 Negotiable Depending on Experience

THE ROLE

As the Senior Application Security Engineer, you will be the point person for application security across Europe, ensuring that critical business applications are secure from both internal and external attack. Your technical skills and knowledge will be tested daily and you will provide expertise in SAST, DAST and MAST scanning and secure coding.

This is a unique opportunity for a UK or French national to relocate to Paris prior to the upcoming EU changes.

Excellent English required, good French preferred but not essential.

Duties and responsibilities:

  • Working with developers in traditional and DevOps environments to:
    • Catch security bugs before they make it into the live environment
    • Liaise with and train developers on common security issues, so that they can become security champions in their own right
    • Guide and perform security activities including penetration testing and static and dynamic code testing of mobile and web applications
  • Scoping penetration tests and analysing the results
  • Carrying out SAST and DAST scanning using the in-house toolset, and reviewing the results
  • Prioritising all application security vulnerabilities and co-ordinating with development and project teams to ensure they are remediated in a timely manner
  • Educating the development community on secure coding practices

SKILLS AND EXPERIENCE REQUIRED

  • Experience with DAST, SAST and MAST scanners
  • Good working knowledge of OWASP and familiarity with SecDevOps
  • Knowledge of and experience with commercial and open-source application security tools such as IBM AppScan, Veracode, Metasploit, Checkmarx, QARK, Burp Suite, Arachni, Nikto, Retina, Black Duck, Nmap, Kali Linux, and Wireshark
  • Knowledge and experience in application security testing and code review
  • Experience of securing applications in a cloud environment
  • Deep knowledge of security technologies, protocols and controls such as firewall management, system hardening, encryption, PKI, IDS/IPS and application firewalls, and of different types of attacks
  • Working knowledge of a variety of programming languages
  • Excellent communicator and influencer
  • Degree educated or equivalent work experience
  • CISSP, GPEN, GWAPT, OSCP, CEH, CHECK certified