Application Security Engineer

ACIMA

Application Security Engineer
Draper, Utah, Hybrid

As a Senior Application Security Engineer, you will work to support the various processes and procedures related to application security and gather information from product engineering teams related to these activities. You will work to both collect and disseminate information throughout the business to ensure processes and procedures are operating efficiently and effectively. You will support the developers in their efforts to secure our applications and assist in the documentation and tracking of various application security efforts.
What You Will Do

• Enable secure-by-default best practices by developing libraries and frameworks to prevent future vulnerabilities
• Build and manage tools that help manage, test, monitor, and improve application security
• Help develop security standards, secure common frameworks as well as developer documentation and educational materials
• Conduct web app penetration testing, code scanning, dependency scanning that can be incorporated into SDLC process and CI/CD pipeline
• Work closely and together with the development team to provide guidance and mitigate security vulnerabilities 
• Collaborate with engineers, consultants and leadership to address security risks and provide mitigation recommendations within the Secure Development Lifecycle (SDLC).
• Perform security architecture and design reviews of all systems and applications developed at Acima.
• ​​Building automated code scanning tools to identify security vulnerabilities in application code and infrastructure code using both open source and commercial tools Integrating open-source and/or commercial static application code scanning tools with the CI/CD Pipeline
• Provide a leadership role in the development, implementation and maintenance of consistent application and infrastructure architecture security programs.

Qualifications

• 3 years of experience working in an application security role
• Extensive knowledge of internet security issues, cloud architectures, and threat landscape
• Background in web application development and/or code auditing
• Experience with static and dynamic code analyzers
• Experience with software composition analysis tools
• Web application penetration testing and source code vulnerability analysis skills
• General understanding of application and cloud security threats and vulnerabilities, including OWASP top 10, SANS top 25 etc.
• Professional security certification: CISSP, GIAC, GWEB, GWAP or other similar credentials.
• Deep technical understanding of the OWASP Top 10
• Experience with BurpSuite, Zed Attack Proxy (ZAP), or similar dynamic testing tool
• Knowledge of current development practices, including containerized applications, microservice architectures, serverless architectures, native mobile applications, responsive web applications, etc. a plus

Acima Digital is a young and dynamic leasing company that provides consumers financing options for life necessities that otherwise would not be available to them. We help with financing options from tires/wheels to furniture and appliances. Acima blends the use of innovative online technology with a fast and easy application process for thousands of retailers nationwide. Customers love us because we make the impossible possible. Retailers love us because we make it easy for them.

Benefits/Compensation

• Flexible schedules: Hybrid (mix of office and home office)
• DTO (discretionary time off).
• Medical insurance with United Healthcare (IHC network) 
• Health Savings Account (HSA) with company contribution.
• Dental insurance (Cigna) and Vision insurance (United Healthcare)
• Paid holidays
• 401K match 6%/3%
• Free Dev lunches every Friday for locals
• Fully stocked snack bar with beverages
• Onsite gym and bike locker
• College tuition reimbursement program (STEM) 
• Free car charging

If you're interested in this position, please send your resume to rob.fabry@acima.com

#LI-Hybrid