Hard Rock International

Application Security Engineer

Information Technology

The purpose of the Application Security Engineer role is to assist the development and security operations teams with application-level security assessments and threat mitigation, to perform penetration testing and security code reviews, and to review application security architecture.


The primary duties and responsibilities of the Application Security Engineer follow:

  • Develop and evangelize secure programming standards
  • Provide guidance to the development and applications teams to proactively address security concerns and ensure that application security architecture, designs, and plans are aligned with information security standards and controls
  • Define and coordinate security requirements within various stages of the system development lifecycle process
  • Validate and address vulnerability / threat findings from static analysis tools
  • Coordinate, schedule and perform routine internal application, network, system and infrastructure penetration testing
  • Perform security reviews of software designs and assist developers to ensure quality and robustness of our internal products
  • Perform overall design review, including protocol checks for security issues
  • Examine communications protocols and data storage mechanisms for security risks
  • Validate, address and document responses to security findings from third-party penetration testing engagements
  • Perform code reviews, application vulnerability testing and penetration testing
  • Conduct security assessments against web applications and APIs across a variety of technology stacks
  • Ensure adequate security requirements and privacy by design are built into all architecture, infrastructure and projects
  • Perform other security team relevant duties and responsibilities as assigned

Qualifications:
  • Bachelor’s degree preferred in Computer Science, Information Technology, Information Security or other related field
  • Five (5) years of related work experience, including two (2) years of practical experience in security incident management and response and two (2) years of practical experience in threat modeling, penetration testing and/or secure application development
  • Direct experience with secure application development and application security risk mitigation techniques
  • Knowledge of OAuth/OpenID Connect and JSON Web Token (JWT) highly desired
  • Knowledge of web application attacks and defense strategies, including those in the OWASP Top 10 and OWASP Mobile Top 10
  • Passionate about application security, with any combination of the following: secure coding, experience securing platform web APIs, code debugging, software development, system administration and network security, penetration testing (application and network), implementation of secure application architectures, cryptography and key management, authentication and control of application permissions
  • At least one industry standard certification such as Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified Fraud Examiner (CFE), or SANS GIAC certifications such as GWAPT, GPEN, GCIA, GWEB, GSSP
  • Understanding of OS concepts such as scheduling, interrupt handling and virtualization of computing resources
  • Demonstrated programming and scripting skills
  • Familiar with application security tools such as Rapid7, Core Impact, Burp Suite Pro, OWASP ZAP, Nmap, Nessus, Metasploit and Kali Linux
  • Experience with at least one general-purpose programming or scripting language (PHP, Python, Perl, Ruby, Java, JavaScript/Node.js, etc.)
  • Comfortable working independently but able to escalate problems as necessary
  • Willing to guide and mentor fellow team members
  • Can write code and documentation
  • Can effectively use git and understands common SCM workflows

Additional Skills:
  • Team player able to work effectively at all levels of an organization, with the ability to influence others to move toward consensus
  • Clear ability to build strong relationships and establish trust with stakeholders at all levels
  • Excellent verbal and written communication skills; an effective communicator who engages well with technical and non-technical audiences alike
  • Strong leadership skills with demonstrated ability to prioritize and execute in a methodical and disciplined manner
  • Ability to solve complex problems in a timely manner by working with multiple stakeholders
  • Ability to manage multiple tasks and work streams effectively
  • Ability to follow detailed procedures and processes with a high degree of accuracy
  • Customer-focused mindset, with demonstrated skill in managing expectations, providing proactive status updates, and producing high-quality work product
  • Experience managing projects through the full system development lifecycle
  • Multiple language abilities preferred; fluency in English (written and spoken) required
  • Flexibility to travel as required, up to 25% overnight travel