100% remote - Prefer San Diego CA

Job Description
The position is a great opportunity for an entry-level Application Security Engineer or people who want to enter the Application Security Career path.
You will provide hands-on validation of static code analysis results and software composition analysis results, then communicate with developers to fix with guidance.
You will work with another application security engineer and be a part of the security team for the assigned business domain.

Key Responsibilities
● Collaborate with engineers to address security risks and provide mitigation recommendations within the Secure Development Lifecycle (SDLC).
● Perform hands-on analysis against static code scan results and software composition scan results of products and services to proactively Client risks and supervise them to resolution.
● High level of personal integrity, with the ability to professionally handle confidential matters, and reflect appropriate level of judgment as it pertains to security.
● Collaborate with other application security engineers to align tasks with product development schedules and complete tasks in every release timing.


Qualifications
● 2+ years’ experience working within software development.
● A bachelor’s degree in Computer Science/Information Security/Cyber Security or equivalent.
● Excellent written and oral communication skills, as well as social skills including the ability to articulate to both technical and non-technical audiences.
● Able to work both independently as well with development teams and multi-task effectively.
● Firm understanding of enterprise class application architectures that are highly scalable and reliable and the expertise to secure them.
● Experience of security architecture and design reviews.
● Experience with multiple languages such as Java, Go, Python and Perl etc. and understand how to detect and remedy related security issues such as OWASP top 10.


Desired Experience
● Excellent analytical, evaluative, and problem-solving abilities.
● Experience with securing host, database, and application solutions for multi-tier systems.
● Experience with Penetration Testing.
● Knowledge of automated attack tools and developing mitigation techniques.
● Hacker Mindset and always strives to think like an attacker.
● Experience with AWS and Akamai technologies.
● Technical certifications within information security are a plus (CISSP, CCSP, GIAC or equivalents).

E-Verify: United States Employment Opportunities Only

E-Verify is an internet-based system operated by the Department of Homeland Security and the Social Security Administration and allows employers to confirm an individual’s employment eligibility to work in the United States. Under the E-Verify rules, effective September 8, 2009, federal agencies subject to the Federal Acquisition Regulation are required to modify, and include in new contracts, a provision that requires federal contractors and subcontractors to use E-Verify. ITCO Solutions is required to adhere to these requirements.