Senior Application Security Engineer
When you join Verizon
Verizon is one of the world’s leading providers of technology and communications services, transforming the way we connect across the globe. We’re a diverse network of people driven by our shared ambition to shape a better future. Here, we have the ability to learn and grow at the speed of technology, and the space to create within every role. Together, we are moving the world forward – and you can too. Dream it. Build it. Do it here.
What you’ll be doing...
The Dynamic Application Security Pen Testing teams are a group of talented, creative thinkers who "act like the enemy" to focus on ensuring that web applications, mobile applications and APIs are secure by performing ethical hacking and penetration testing on the defences Verizon has (and some 3rd parties have) created for applications accessed from both inside and outside of Verizon. These teams aren't a "copy and paste from a scan tool" reporting team, or a cookie cutter scanning with tools team, or a team that just monitors and supports security scanning tools used by developers. These teams are an Enterprise recognized and supported group of skilled, experienced and certified ethical hacking Verizon employees who are trusted to direct themselves with a lot of unknowns. They also use their skills to support Verizon Incident Response and Bug Bounty as well as to build/develop their own tools for reporting and automation for Dynamic Application Scanning for a Secure-SDLC.
- Establishing and executing processes and standards for application layer ethical hacking and penetration of key, critical web applications, including the exploitation of security vulnerabilities.
- Designing major customization of automation tools and scripts used to enhance Verizon’s dynamic application security testing teaming processes.
- Leading the design, development or customization of scripts, tools, or methodologies to enhance Verizon’s dynamic application security testing teaming processes.
- Mentoring and training Junior level team members.
- Developing comprehensive and accurate security vulnerability reports and presentations for both technical and executive audiences.
- Identifying and documenting security gaps or vulnerabilities in applications, and processes, and advice relevant stakeholders on the appropriate course of action.
- Serving as a SME to the RISK Management and application teams.
- Presenting to and collaborate with management/exec leadership on team priorities, goals, processes and policies on a semi-regular basis.
Where you’ll be working…
This hybrid role will have a defined work location that includes work from home and assigned office days as set by the manager.
What we’re looking for...
You'll need to have:
- Bachelor’s degree or four or more years of work experience.
- Six or more years of relevant work experience.
- Experience in system and application security threats and vulnerabilities (Waterfall Model, Spiral Model).
- Experience in AWS, JAVA, Maven, ZAP, Shell Scripting, CloudFormation, AMI->EAMI Conversion, EC2 knowledge, Jenkins, Gitlab, Yaml, Docker, NodeJS, Postman, SOAPUI, GoLang, NGINX, MSSQL, Windows Server Administration, RUST, Tomcat/Apache.
Even better if you have one or more of the following:
- A Master’s Degree.
- Experience in software related information technology (IT) security principles and methods (e.g., modularization, layering, abstraction, data hiding, and simplicity/minimization).
- Knowledge of AWS Solutions Architect, OSCP, OSCE , OSWE, GPEN, GCIH, GWAPT, GXPN.
- Knowledge of secure coding techniques.
- Knowledge of application security, application security vulnerabilities and exploitation techniques.
- Knowledge of network security architecture concepts including topology, protocols, components, and principles.
- Knowledge of secure test plan design (e. g. unit, integration, system, and acceptance).
- Ability to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
- Good organizational skills.
- Experience in SDLC.
If Verizon and this role sound like a fit for you, we encourage you to apply even if you don’t meet every “even better” qualification listed above.
Equal Employment Opportunity
We're proud to be an equal opportunity employer - and celebrate our employees' differences, including race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, and Veteran status. At Verizon, we know that diversity makes us stronger. We are committed to a collaborative, inclusive environment that encourages authenticity and fosters a sense of belonging. We strive for everyone to feel valued, connected, and empowered to reach their potential and contribute their best. Check out our diversity and inclusion page to learn more.