Application Security Engineer
Metro-Goldwyn-Mayer Studios Inc
Culver City, CA
This was removed by the employer on 6/5/2020 11:08:00 AM PST
Full Time Job
Metro-Goldwyn-Mayer Studios Inc. ("MGM") is seeking an Application Security Engineer to help expand our security organization. The ideal candidate will have a strong understanding of all phases of the Software Development Lifecycle (SDLC): planning, creating, testing, and deploying an application.
If you are passionate about cyber defense and protecting data, applications, systems, networks and services, this position will provide you with a unique, rewarding and challenging opportunity. You will participate in security operations, security audits, risk analysis, vulnerability management and security reviews on many elements of the organization.
Responsibilities:
* Write web applications using front-end languages, such as HTML, Java, JavaScript, PHP, .NET, etc.
* Create and maintain Secure Software Development Life Cycle (SDLC) and secure SDLC models.
* Gather security requirements of an application while in development.
* Define, maintain, and enforce application security policies, standards, and procedures.
* Perform manual and automated code review of applications.
* Assess vulnerabilities of applications.
* Provide security ratings and mitigations based on assessments and testing of application.
* Prioritize remediation based on security ratings and the needs of the business.
* Participate in on-call rotation and work closely with the DevOps and Application Team.
Requirements:
* Minimum 5 years of work experience in an Application Security function.
* Ability to understand an application by glancing at its code.
* Knowledge of OWASP Top 10, threat modeling, static application security testing and dynamic application security testing.
* Experience with CIS, NIST, and other frameworks for on-prem and cloud environments.
* Experience with identity providers such as Azure, Okta, Ping, etc.
* Experience with SAML, OIDC, and OAuth.
* Python knowledge is required.
* Experience with Kubernetes, Docker, Ansible, Jenkins, GitLab, etc.
* Experience with AWS, Azure, and/or GCP.
* Experience with tools such as Snyk, Veracode, Fortify, Kali, etc.
* Experience testing APIs and mitigating open API vulnerabilities.
* Experience in pentesting and the MITRE ATT&CK framework.
* Strong oral and written communication skills.
* Strong analytical mindset desired.
* Participation experience in industry events such as DefCon, BSides, ShellCon, etc., a plus.
* Certified Application Security Engineer (CASE) or equivalent certification a plus.
* Bachelor of Science in a computer-related field a plus.
* Knowledge of Zero Trust and FIDO2 a plus.