Senior Application Security Engineer

Verisign helps enable the security, stability, and resiliency of the internet. We are a trusted provider of internet infrastructure services for the networked world and deliver unmatched performance in domain name system (DNS) services.

We are a mission focused, values driven company where each individual can contribute to building a stronger, more secure internet. We offer a dynamic and flexible work environment with competitive benefits and the ability to grow your career.

Key Responsibilities:

• Lead and participate in the design and implementation of secure coding practices across development teams
• Conduct detailed threat modeling exercises for new and existing applications to identify potential security issues
• Perform security reviews and code analysis to proactively identify and mitigate security vulnerabilities
• Work closely with developers to provide guidance on remediation strategies and secure coding techniques
• Implement and maintain automated security testing tools and processes
• Evaluate third-party libraries and dependencies for security risks
• Stay abreast of emerging security threats, vulnerabilities, and technologies to continuously improve application security measures
• Collaborate with cross-functional teams including Engineering and Operations to integrate security into the software development lifecycle (SDLC)

Requirements:

• Bachelor’s degree in Computer Science, Information Technology, or related field (or equivalent experience)
• 10+ years of proven experience as an Application Security Engineer or a similar role
• In-depth knowledge of OWASP ASVS and application security best practices
• Strong understanding of threat modeling methodologies and tools
• Hands-on experience with secure coding practices and techniques (e.g., encryption, authentication mechanisms, secure API design)
• Proficiency in conducting security assessments (e.g., penetration testing, code reviews)
• Experience with security tools such as Burp Suite, Fortify, Veracode, etc.
• Excellent communication skills with the ability to articulate complex technical issues to non-technical stakeholders
• Certifications such as CEH, or equivalent are a plus