Application Security Engineer

Job Description

What You’ll Do

The Application Security integrates and support security at every phase of the software development lifecycle (SDLC) and work closely with developers to ensure applications are secure from inception through release. Given Teradata’s large portfolio of analytic applications, we are pushing the boundaries of security by automating source code analysis, and analytic security. Our expertise lies in deep technical understanding of security and our application security engineers within Teradata. The Application Security team is tasked with enabling software developers to build secure application and products through automating security (Shifting Left).

Who You’ll Work With

The Application Security team is an integral part of Teradata Information Security and closely partners and guides Product Engineering. Application Security team works with several teams such as CloudOps, DevOps and our Engineering teams.

What Makes You a Qualified Candidate

Proficient in 1 or more of any of the following areas:

• Manual and automated secure code review primarily in C/C++, Java, Python, Golang and JavaScript to enable software engineers to prioritize remediation of security vulnerabilities
• Provide vulnerability remediation guidance and mentoring to product development software engineers
• Review, analyze, and evaluate both internally developed software and vendor products and procedures to address security requirements
• Serve as the security subject matter expert around Application Security topics, processes, and tools
• Partner with Product Engineering to improve security and quality within the SDLC
• Integrate SAST, SCA, DAST, IaC, and Container scanning into CI/CD pipelines
• Interpret SAST, SCA, DAST, IaC, and Container scanning analysis tool results, penetration test results, and describe issues and fixes to non-security experts
• Train developers in various aspects of security to include secure coding, security requirements, SAST, SCA, DAST, IaC, and Container scanning security tools, etc.
• Identify and automate security processes and practices
• Evaluation of new technologies, tools, and/or development techniques that impact Application Security
• Ability to reason about security decisions

What You’ll Bring

Knowledgeable in 1 or more of any of the following areas:

• Ability to analyze findings from Application Security tools and provide detailed feedback on if detections are false positive or true positives
• Can perform detailed security code review in languages such as Java, C/C++, Go, Python, and JavaScript/Typescript
• Ability to provide clear and detailed remediation guidance around Application Security detections
• Understand Application Security practices and operations
• Ability to communicate effectively with business representatives in explaining security topics clearly and where necessary, in layman's terms
• General understanding with SAST, SCA, DAST, IaC, and Container analysis tools
• Ability to interpret SAST, SCA, DAST, IaC, and Container analysis results, and penetration test results and describe issues and fixes to non-security experts
• Knowledge on how to exploit and remediate the OWASP Top Ten (v2021)
• A deep understanding of web application and API vulnerabilities
• Familiarity with one or more cloud environments such as AWS, Azure, and/or Google Cloud
• Ability to automate tasks using Python, Bash, or Go
• An understanding of one or more programming language such as Java, C/C++, JavaScript/Typescript, Go, Python, etc.
• Understand Infrastructure as Code (IaC) languages such as Terraform, CloudFormation, Helm, Ansible, etc.
• An understanding of HTTP and SSL/TLS protocols, and Web applications
• An understanding of CI/CD processes and tools
• An understanding of compliance requirements such as PCI-DSS & FedRAMP
• Knowledge of core application security principles, common security vulnerability classes, their root causes, and mitigations
• MS/BS degree in Electrical Engineering, Computer Science, Information Technology, or related field. Advanced degree highly preferred