APPLICATION SECURITY ENGINEER SKILLS, EXPERIENCE, AND JOB REQUIREMENTS

Updated: July 29, 2024 - An Application Security Engineer skilled in Information Lifecycle Management (ILM) ensures secure data retrieval and updating via backend APIs. They define consumer security architecture, develop user-friendly experiences, and conduct QA testing in agile environments. Proficient in web and mobile application security risks, Linux, Networking, Cryptography, and software development, they maintain seamless application functionality across CI/CD pipelines.

Summary of Application Security Engineer Knowledge and Qualifications on Resume

1. BS in Computer Science with 5 years of Experience

  • Hands-on experience in enterprise penetration testing with an emphasis on Cloud or systems
  • Successful track record of implementing and delivering projects involving a variety of cybersecurity functions for mobile applications
  • Hands-on experience in Android and iOS programming
  • Deep understanding of inner workings of security concepts and mechanisms
  • Knowledge of security-related topics such as authentication, entitlements, identity management, data protection, data leakage prevention, validation checking, encryption, hashing, the principle of least privilege, software attack methodologies, secure data transfer, secure data storage, etc.
  • In-depth knowledge of vulnerabilities and mitigations
  • Reverse Engineering of Objective-C code and Java Byte Code
  • Demonstrated practical knowledge of Android and iOS cryptography

2. BS in Cybersecurity with 2 years of Experience

  • Experience in enterprise software development
  • Demonstrable experience in Application Security
  • Experience with OWASP and tooling such as Burp Suite/Proxy, SonarQube, HP Fortify, etc., or similar
  • Strong experience with modern development languages and frameworks
  • Passion to make security realistic, achievable and interwoven with the business fabric
  • Experience with Threat Modeling in an enterprise, not just theoretical
  • Strong experience with cloud provider ecosystems, ideally Microsoft Azure
  • Strong understanding of web applications and architectures, relational and non-relational databases, and hardware architectures
  • Effectively applying the principles of information security to IT environments
  • Strong understanding of modern application development and operational philosophies
  • Some project management experience: able to assess needs, define objectives, and identify the resources needed

3. BS in Information Technology with 2 years of Experience

  • Non-internship professional experience with web application Architecture Security Review
  • Experience in Threat Modeling, Static Code Review, Penetration Testing, and Incident Response Planning.
  • Proven experience with the information security principles and the Common Body of Knowledge (CBK) domains
  • Experience in core technologies (CIA, encryption, identity, authN/authZ, SSO, web protocols, and privacy).
  • Experience with Amazon Web Services (AWS) products and security controls.
  • Proficient in at least one programming language - Java
  • Ability to communicate security requirements to both technical and non-technical stakeholders.
  • BS in Engineering or Computer Science, or other relevant degree.
  • Experience in advocating security best practices for third party integrations (e.g. with SAAS solutions, third-party libraries, etc.).
  • Current knowledge around web and mobile application vulnerabilities, attacks, and mitigation methods.
  • AWS certifications such as AWS Certified Security – Specialty, AWS Certified Cloud Practitioner, or other security related certifications such as CEH, Security+, or GSEC.

4. BS in Software Engineering with 3 years of Experience

  • .NET or Java Web Application development on an enterprise scale
  • Code review practice, functional and quality focus
  • Technical leadership in design, development and/or support
  • Application/product management experience
  • Software testing, QA or security leadership
  • Utilization of APIs such as RESTful Services
  • Scripting ability in Python or similar language
  • Committed interest to AppSec
  • Vulnerability rating and analysis (CVE, CVSS, CWE ratings) utilization
  • Proficiency with a static analyzer such as Checkmarx, Fortify SCA or Coverity
  • Understanding of application security vulnerabilities and prevention
  • CISSP, GISSP or other relevant secure coding certification(s)

5. BS in Computer Engineering with 6 years of Experience

  • iOS or Android Mobile application development for consumer applications
  • Technical specification development, both internally and for vendor software
  • Threat modeling of application architecture
  • Business experience in and/or supporting the financial sector
  • Security vulnerability assessment techniques during design, development and testing
  • Operation of enterprise policy and standards for technologies and development
  • Engagement of key stakeholders, both technical and senior leadership
  • Experience with public internet web and/or consumer mobile development
  • Experience involved in testing, QA or security related activities (can be concurrent)

6. BS in Mathematics with 7 years of Experience

  • Coding and scripting experience using Java, JavaScript, and/or Python, for example
  • DevOps pipeline experience related to the automation of application testing, delivery, and infrastructure as code (e.g., GitHub, Jenkins, Puppet)
  • Familiarity with various application and code scanning technologies – SAST, DAST, RASP
  • Experience logging, identifying, tracking, and resolving cybersecurity vulnerabilities
  • Strong security aptitude and an ability to learn new technologies quickly
  • Proven analytical, problem solving, and collaboration skills
  • A proven ability to communicate effectively and regularly with internal and external stakeholders relating to incidents, problems, changes, and maintenance
  • Worked closely with security architects to develop service and technology roadmaps
  • Identified and recommended new services and solutions
  • Defined cybersecurity requirements, standards, best practices, and procedures
  • Worked with vendor support to continuously improve product implementations, integrations, and utilization

7. BS in Information Systems with 3 years of Experience

  • Led performance tuning, disaster recovery, and integration of applications with other enterprise tools
  • Familiarity with cybersecurity and risk management frameworks like NIST CSF, ISO 27001, CIS, and OWASP
  • Communicated effectively and regularly with internal and external customers relating to incidents, problems, changes, and maintenance
  • Experience troubleshooting complex systems, remediating issues, and taking steps to prevent recurring issues.
  • Achieve objectives and begin implementation towards goal completion
  • Experience in mobile application development (Android and iOS)
  • Experience with application testing tools (e.g., SAST, DAST, IAST, etc.)
  • Exposure to Agile methodologies (SAFe, Kanban, Scrum)
  • Experience working in the cloud computing industry with a focus on sustaining IT services.
  • Experience with code scanning, including DAST/SAST/IAST, and the skill and knowledge to remediate findings.
  • Automation: REST API integration, UCD, Jenkins, Ansible.
  • Development skills in Java or another related language.
  • Interest in security and compliance.

8. BS in Network Security with 2 years of Experience

  • Work with backend APIs to retrieve and update information securely
  • Professional with security ILM background.
  • Define the architecture for consumer security on various projects
  • Develop secure and user-friendly consumer experiences
  • Ensure the applications run properly from front end to back end
  • Work in a pair programming and agile environment
  • Experience in a security or QA testing-focused role
  • Introductory understanding of web application and mobile application security risks
  • Fair understanding of Linux, Networking, and Cryptography fundamentals
  • Experience with software development and code reviews, CI/CD pipelines, Node.js
  • Excellent command of English, both written and verbal

9. BS in Information Security with 5 years of Experience

  • Crafting, implementing and supporting highly scalable backend applications.
  • Deep understanding of web protocols (TCP, HTTP, gRPC) and API development.
  • Experience with secure SDLC, Threat Modeling and SAST.
  • Knowledge of development/integration tools and technologies (e.g. CI/CD)
  • Have a background in web application development and code auditing
  • Strong experience with Java and the Java ecosystem; familiarity with Python, JavaScript and other scripting languages.
  • Proficiency in networking concepts (firewalls, load balancers, etc.)
  • Experience working with infrastructure in public cloud (e.g. AWS, Azure, Google Cloud)
  • Passion for understanding and researching application security, vulnerabilities and exploitation techniques.
  • Ability to triage, recommend remediations and implement fixes as needed.
  • Ability to craft and establish secure coding patterns/standards across multiple code repositories.

10. BS in Electrical Engineering with 2 years of Experience

  • Experience in security, preferably in application security or software engineering role
  • Technical skills including networking, software engineering, systems administration, penetration testing and vulnerability assessments
  • Experience in a cloud infrastructure environment - AWS or Azure, preferably with Azure PaaS experience
  • Experience in vulnerability management and threat intelligence capabilities
  • Experience in working with software developers to advise on security controls and requirements
  • Experience with common information security management frameworks, standards, principles and processes (OWASP, CIS, SANS, ISO, NIST, etc.)
  • Relevant security certifications (CISSP, GIAC, Security+, CEH, OSCP, etc.)
  • Experience in highly automated DevOps environments and familiarity with toolsets including Git, ARM, EBS, CloudFormation, Docker, Kubernetes, Puppet, Chef, etc.
  • Excellent verbal and written communication skills in English
  • Mentor team members on writing code that is secure, efficient, maintainable and testable.

11. BS in Computer Science with 4 years of Experience

  • Experience with Cyber Security / Application Security Risk Management
  • Previous working experience as a Penetration Testing Expert and vulnerability assessment
  • In-depth understanding of application security frameworks and testing tools such as Aircrack-ng, Burp Suite, SQLmap, NIST and OWASP
  • In-depth knowledge of application development processes and at least one programming or scripting language (e.g., Java, Scala, C#, Ruby, Perl, Python, PowerShell)
  • Regulatory Compliance
  • Applicable knowledge of Windows client/server, Unix/Linux systems, Mac OS X, VMware/Xen, and cloud technologies such as AWS, Azure, or Google Cloud
  • Experience with Source Code Review
  • Experience in mobile application, network and wireless penetration testing.
  • Capable of analyzing requirements
  • Develop and peer review LLDs (initiate and participate in peer reviews)
  • Participate in discussions with business stakeholders
  • Create test cases as per the different testing methodologies
  • Coach members of project groups to ensure effective knowledge management activity.

12. BS in Cybersecurity with 5 years of Experience

  • Required coding languages: JavaScript, Java, .NET
  • Desired Experience/knowledge/expertise with the following:
  • Static and dynamic code scanning tools and methodologies, such as Fortify, WhiteHat, Burp, SonarQube, etc.
  • Project and software development lifecycles (SDLC, DevOps, DevSecOps, Waterfall, Agile, etc.)
  • Web application communications network architecture, authentication and authorization schemes and protocols, Web APIs, secure authentication mechanisms, secure password storage and exchange, multi-factor authentication, SSO, OpenSSL, containers
  • Web application development frameworks, protocols, content management systems and techniques: SFTP, JBoss, Apache, IIS, .NET, WordPress, etc.
  • General Database knowledge (Oracle, MS SQL server), SQL
  • Database Architecture, Schema design, OWASP tools and methodologies.
  • Database authentication, authorization methods/protocols
  • DevSecOps experience and expertise.

13. BS in Information Technology with 6 years of Experience

  • Ability to work in a self-directed, fast-paced, highly collaborative environment on cross-functional projects that are high-profile and critical.
  • Have coding experience in one or more general purpose languages.
  • Able to speak to the identification, exploitation, impact, and remediation of at least one vulnerability class from either the CWE/SANS 25 or OWASP Top 10.
  • Have significant Java, Node/React, or Python experience.
  • Have experience building security through a CI/CD toolchain.
  • Have experience automating with Workflow Orchestration or SOAR tools.
  • Have public CVEs, or contributions to an open source project.
  • Have security consulting experience.
  • Practical knowledge of applied cryptography and common attacks against modern cryptographic algorithms (encryption at rest, TLS, hashing, etc.)
  • Keeps up with industry trends in security, technology and threats
  • Knowledge of firewalls, ports, connections, VPC tunneling, AWS data movement services (Snowball), and Direct Connect.
  • Experience with open source security tools: Nessus, Nexpose, Core Impact, Burp Suite, Cobalt Strike, Metasploit, Meterpreter, Empire, Wireshark, etc.
  • Knowledge of Linux, Windows, Cisco, and Active Directory.
  • Experience programming and scripting