Application Security Engineer - Java
Contrast Security is the world’s leading provider of security technology that enables software applications to protect themselves against cyber-attacks. Contrast's patented deep security instrumentation is the breakthrough technology that enables highly accurate analysis and always-on protection of an entire application portfolio, without disruptive scanning or expensive security experts. Only Contrast has intelligent agents that work actively inside applications to prevent data breaches, defeat hackers and secure the entire enterprise from development, to operations, to production.
About the Position
We are in search of someone who loves Java and wants to explore Java in depth. Our Java Security Engineer will be responsible for helping create the rules and policies for the agent to find vulnerabilities and stop attacks.
The opportunity is to join the internal application security research team, but also work directly with our flagship Java agent team. Our Application Security Research team is hyper-focused on continuous vulnerability and threat research affecting the world's software ecosystem. The Security Engineer is responsible for supporting and contributing to Contrast’s agent rules and policies for Contrast Assess, Protect, and OSS platforms.
Roles and Responsibilities
- Evaluate the Java language and frameworks for sources and sinks for agent security policy definition and modifications.
- Determine which frameworks the Java agent should support based on industry research and knowledge.
- Develop an understanding of how Java's threads, locks, I/O, and garbage collection affect our agent and our users' applications
- Automate everything
- Approach problems from a product perspective, keeping in mind how to solve problems for Java developers like themselves
- Solve hard problems and recognize that the best work is the result of finding the simplest solution to complex challenges
- See the big picture, and understand how the code they write interacts with our users' systems
- Support the gathering of language, library, license and application security research.
- Extensive experience with developing applications in Java.
- Understanding of the OWASP Top 10 and SANS/CWE Top 25.
- Experience with ethical hacking and vulnerability management reporting is a nice-to-have.
- Knowledge of cloud hosting environments (AWS, Azure, GCP, OCI, etc.).
- You have strong communication skills, are not afraid to ask questions, and share what you learn.
- You ask questions, let others know when you need help, and tell others what you need.
- 3-5 years of Java development experience, with a mix of application security experience.
- Bachelor’s Degree in Math, Computer Science, Engineering or Information Systems
What We Offer
- Competitive compensation (salary + equity)
- Medical, dental and vision benefits
- Flexible paid time off
- Daily in-office lunches