Senior Application Security Engineer

Fortinet is seeking a Senior Application Security Engineer to join their Corporate Information Security team. This technical role involves conducting security reviews on applications, providing security education, and handling vulnerability reports. The position requires a strong understanding of OWASP vulnerabilities and API security risks. The role involves driving the application security program, working with development teams, and researching new attack vectors.

Requirements

• 5+ years of work experience as an Information Security Researcher or Engineer
• 3+ years of experience with manually auditing source code to find security issues
• Strong understanding of OWASP TOP 10 vulnerabilities
• Strong understanding of common API security risks
• Strong understanding on Cloud-Native application architecture, microservices, containerization technologies, secure deployment and implementation issues
• Proven experience in application penetration testing
• Proven experience in security code review
• Strong foundation in computer and network security, authentication & authorization, security protocols and applied cryptography
• Solid understanding with web security standards such as CSP, SOP, CORS, and emerging web security technologies
• Solid understanding on CI/CD pipelines, build systems and DevSecOps principles
• Experience defining security architecture patterns and standards in a large enterprise organization
• Experience with cloud-based security solutions and familiarity with cloud service providers
• Experience working with threat modeling methodologies such as MITRE ATT&CK, STRIDE, PASTA
• BS degree in Computer Science, Cyber Security, other tech-related degree
• Experience in Cloud Security Posture Management (CSPM) and/or Application Security Posture Management (ASPM) tools is a plus

Benefits

• Competitive salary
• Comprehensive training
• International career opportunities