Senior Application Security Engineer

<p><strong>Overview</strong></p> <p>As someone experienced with securing a wide variety of applications, you are looking for an opportunity to use your skills in an innovative and technology-oriented environment. As an Application Security Engineer at Esri, you will fill a critical role in helping secure Esri's intellectual property and sensitive data against a variety of complex threats with support from all levels of leadership. Our Application Security team collaborates closely with the application development, DevSecOps, and information security departments to design security into our applications up front, perform application layer security testing, and assist developers with vulnerability remediation. We value collaboration, pragmatic security, and continuous improvement. We welcome you to join Esri, where you can make a real difference every day!&nbsp;</p> <p><strong>Responsibilities</strong></p> <ul> <li>Design, operate, and continuously improve application security testing capabilities and pipelines&nbsp;</li> <li>Assess application risks and recommend mitigations&nbsp;</li> <li>Perform application layer security reviews of the code developed by our application teams, across multiple languages and frameworks used internally&nbsp;</li> <li>Assist with application layer penetration testing to identify potential issues&nbsp;</li> <li>Provide application security guidance and mentorship to development teams as needed&nbsp;</li> </ul> <p><strong>Requirements</strong></p> <ul> <li>5+ years of experience in application security, including manual and automated code reviews, manual penetration testing, dynamic application security testing, and false positive analysis of code, pen test, and open-source security findings&nbsp;</li> <li>Demonstrated experience determining risk based on analysis/findings using a consistent risk management framework&nbsp;</li> <li>Proven ability to develop automations/applications using Python, Typescript, Java, or PowerShell&nbsp;</li> <li>Experience creating and maintaining reusable GitHub Actions workflows, with expertise in all aspects of GitHub workflow management&nbsp;</li> <li>Hands-on experience working in a DevSecOps environment built on Kubernetes with a strong knowledge of Kubernetes security best practices&nbsp;</li> <li>Ability to read and analyze code for security and design vulnerabilities&nbsp;</li> <li>Solid understanding of common web application security standards (HTTP, OAuth, OIDC, REST, and more)&nbsp;</li> <li>Experience working with cloud platforms, specifically AWS and Azure&nbsp;</li> <li>Willingness to learn new skills and enhance workflows using various AI tools&nbsp;</li> <li><span data-teams="true">US citizenship and willingness and ability to maintain a US Security Clearance</span></li> <li>Bachelor’s degree in computer science or related field</li> </ul> <p><strong>Recommended Qualifications</strong></p> <ul> <li>Proficiency in any of the following languages: C#, Python, Bash/Shell, PowerShell, JavaScript, SQL, Java&nbsp;</li> <li>Familiarity with AI-assisted coding practices, including tools such as GitHub Copilot, and an understanding of the security implications and risks introduced by AI-generated code&nbsp;</li> <li>Practical experience interpreting findings from application pen testing, code scanning and open-source scanners to determine the risk and collaborate with developers to resolve them&nbsp;</li> <li>Understanding of layer 2-7 communication protocols, common encoding and encryption schemes, and algorithms&nbsp;</li> </ul> <p>#LI-TM1</p> <p>#LI-onsite</p><div class="content-pay-transparency"><div class="pay-input"><div class="description"><p><strong>Total Rewards</strong></p> <p>Esri’s competitive total rewards strategy includes industry-leading health and welfare benefits: medical, dental, vision, basic and supplemental life insurance for employees (and their families), 401(k) and profit-sharing programs, minimum accrual of 80 hours of vacation leave, twelve paid holidays throughout the calendar year, and opportunities for personal and professional growth. Base salary is one component of our total rewards strategy. Compensation decisions and the base range for this role take into account many factors including but not limited to skill sets; experience and training; licensure and certifications; and other business and organizational needs.</p></div><div class="title">A reasonable estimate of the base salary range is</div><div class="pay-range"><span>$93,600</span><span class="divider">&mdash;</span><span>$157,560 USD</span></div></div></div><div class="content-conclusion"><p><strong>The Company</strong></p> <p>At Esri, diversity is more than just a word on a map. When employees of different experiences, perspectives, backgrounds, and cultures come together, we are more innovative and ultimately a better place to work. We believe in having a diverse workforce that is unified under our mission of creating positive global change. We understand that diversity, equity, and inclusion is not a destination but an ongoing process. We are committed to the continuation of learning, growing, and changing our workplace so every employee can contribute to their life’s best work. Our commitment to these principles extends to the global communities we serve by creating positive change with GIS technology. For more information on Esri’s Racial Equity and Social Justice initiatives, please visit our website <a href="https://www.esri.com/en-us/racial-equity/overview#engage-communities" target="_blank">here</a>.</p> <p><strong>If you don’t meet all of the preferred qualifications for this position, we encourage you to still apply!</strong></p> <p>Esri is an equal opportunity employer (EOE) and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability status, protected veteran status, or any other characteristic protected by law. If you need reasonable accommodation for any part of the employment process, please email <a href="mailto:askcareers@esri.com">askcareers@esri.com</a> and let us know the nature of your request and your contact information. Please note that only those inquiries concerning a request for reasonable accommodation will be responded to from this e-mail address.</p> <p><a href="https://www.esri.com/en-us/privacy/overview">Esri Privacy</a> Esri takes our responsibility to protect your privacy seriously. We are committed to respecting your privacy by providing transparency in how we acquire and use your information, giving you control of your information and preferences, and holding ourselves to the highest national and international standards, including CCPA and GDPR compliance.</p></div>