Application Security EngineerApply
CBS Interactive is the premier online content network for information and online operations of CBS Corporation as well as some of the top native digital brands in the entertainment industry. Our brands dive deep into the things people care about across entertainment, technology, news, games, business and sports. With over 1 billion users visiting our properties every quarter, we are a global top 10 web property and one of the largest premium content networks online.
- Review implementation code of critical projects; identify security flaws and suggest remediation
- Maintain and administer the open-source applications security testing (OAST) environment through access controls.
- Maintain and administer the dynamic applications security testing (DAST) environment through access controls.
- Build, automate, and operate automated security capabilities for CBS Interactive including static application security testing (SAST) and dynamic code analysis across multiple technology stacks and development languages.
- Develop automated integration with platform like Jenkins, GitHub & Jira
- Act as advisor in the area of secure development and threat mitigation
- Thorough knowledge of the Secure SDLC and DevOps principles.
- Work with our engineering and development community to help define security gates as part of the process
- Develop our mobile framework for security testing and continue to monitor new threats and publish internal best practices.
- Design training material for building the engineering function as a central tenet of security testing.
- Publish quarterly internal newsletters associated with open source releases each quarter.
- Develop new security frameworks for desktop and web based applications
- Work with development to ensures fixes are applied as per the vulnerability policy in order to remediate as required.
- BS or MS degree in Computer Science, Computer Engineering, or equivalent technology experience.
- Understanding of Application security in context of SDLC and CI-CD
- Strong knowledge of web protocols and knowledge of various security tools and architecture.
- Demonstrated software development proficiency (Perl, Python, Go, Java).
- Comprehension of algorithms and processes for programmatic automation via scripting or programming languages (Python, Ruby, shell, perl, etc.).
- Well-rounded background in application, network and host security.
- Ability to prioritize multiple tasks and projects in a dynamic environment.
- Effective written and oral communication with multiple levels of leadership involving both business and technical sides of the business.
Equal Opportunity Employer Minorities/Women/Veterans/Disabled