Snapp

Hiring: Application Security Engineer

Remote work available


Technologies

    Security, DevOps

About Snapp
Snapp is the pioneer provider of ride-hailing mobile solutions in Iran that connects smartphone owners in need of a ride to Snapp drivers who use their private cars to offer transportation services. We are ambitious, passionate, engaged, and excited about pushing the boundaries of the transportation industry to new frontiers and being the first choice of each user in Iran.

Responsibilities

We’re looking for an Application Security Engineer to join our Security Team! As an Application Security Engineer, you will perform Security Testing of Snapp products and your day-to-day responsibilities will include the following:

  • Perform penetration Testing.
  • Consult with developer teams on secure coding practices.
  • Triage and validate Security vulnerabilities found or reported, and serve as a Subject Matter Expert in AppSec to the developer team in identifying mitigation solutions.
  • Create threat models of new applications and features to systematically understand how they can be attacked in order to prioritize control development.
  • Partner with developer, DevOps, and product teams to build and deliver secure products.
  • Integrate SAST/DAST into CI/CD Pipeline.
  • Make suggestions for Security improvements.
  • Perform ongoing application Security Testing and code review to improve software Security.
  • Have in-depth experience in Penetration Testing in Web and API.
  • Experience with multiple languages such as Go, Java, PHP, etc., and understanding of how to detect and remedy related Security issues such as the OWASP Top 10.
  • Ability to discover business logic vulnerabilities.
  • Have coding proficiency in one or more of the following languages: Python, Go, PHP, or Bash.
  • Have in-depth knowledge of Security tools including Kali, Burp Suite.
  • Hands-on experience implementing and tuning SAST/DAST in CI/CD.
  • Understanding of DevOps, CI/CD environments, familiarity with Docker/OKD.

General Skills

  • Excellent written and verbal communication skills in English.
  • Effective collaboration and team integration.
  • Strong problem-solving abilities through imaginative and creative thinking.
  • Maintain an insatiable curiosity and an aggressive outsider mindset.
  • Results-Oriented (Essential).
  • Communication (Essential).
  • Technical Expertise (Essential).
  • Problem-Solving / Analytical Thinking (Essential).
  • Accountability (Essential).

Benefits

  • Flexible working hours
  • Competitive salary
  • Employee Loan
  • A great culture of R&D
  • Gaming Room
  • Monthly Snapp credit
  • Pizza-loving culture
  • Supplementary health insurance
  • Team Building
  • On-Site Doctor
  • Remote Work
  • Gifts