Application Security Engineer

United States (Remote) /
Cloud Platforms – Security /
Full Time
Granicus is the leading provider of citizen engagement technologies and services for the public sector, bringing governments closer to the people they serve with the first-and-only Civic Engagement Platform. Granicus works with more than 5,500 government organizations and connects more than 280 million people in the largest Citizen Subscriber Network of its kind.

Granicus is looking for an experienced Application Security (AppSec) Engineer to join our security team. The AppSec Engineer will support all processes and technologies required to drive continuous improvement of secure software development practices across the enterprise. This role will work closely with the Head of AppSec, the security team and the development teams to (1) ensure secure SDLC standards are met, (2) ensure application security tools, processes and measures operate correctly and reliably and provide value, and (3) work directly with software development teams, supporting them in improving the security posture of their code.

What You'll Do:

    • Number one: Prevent malicious attacks and data leaks!
    • Support the execution and maintenance of SAST, DAST and SCA tools
    • Support assembling and maintaining vulnerability reports
    • Perform security design and code reviews
    • Find and implement solutions to mitigate application security vulnerabilities
    • Work with dev teams on secure coding best practice and threat modeling
    • Support the enforcement of the Secure SDLC
    • Perform internal penetration tests and application security assessments
    • Assist with resolving application security production issues, zero-day vulnerabilities and malicious use of our systems
    • Review open tickets, supply recommendations and analyze trends; proactively identify problems and implement avoidance measures
    • May provide secure development process evidence to auditors and clients
    • Assess new technology needs/requirements, make recommendations, and engineer approved solutions

Who You Are:

    • Bachelor's degree in Computer Science, Information Technology, or related field
    • 5+ years in Software Development, proficient in: C#/.Net/ASP.NET, Ruby or PHP
    • PHP Preferred
    • Full-stack developer; candidates with strong client-side (i.e., JavaScript, jQuery, Angular) skills preferred
    • Solid understanding of the OWASP Top 10 and/or SANS 25
    • Experience with SAST, DAST and SCA tools
    • Application Security level administration of web servers (IIS, Apache)
    • Enterprise SaaS or web-hosted software knowledge
    • Relational database experience (Oracle preferred)
    • Familiarity with APIs using SOAP & REST calls
    • Familiarity developing applications through automated CI/CD and orchestration services, such as GitLab
    • Understanding of agile/SCRUM SDLC processes
    • Used ticketing systems such as JIRA or a bug tracking system
    • Self-starter with a high degree of technical, organizational, and problem-solving skills
    • Possess excellent verbal/written communication, people, and presentation skills, with a high attention to detail
    • Familiarity with the following:
        • Burp Suite, OWASP ZAP or other penetration testing tool
        • Kali Linux and Metasploit

Nice to Have:

    • CISSP, CSSLP, CISM, OSCP, CEH or other security certification
    • NIST, FedRAMP, FISMA, ISO, SOC experience
NOTE: Granicus is subject to the Executive Order requiring employees of federal contractors to be fully vaccinated for COVID-19.
Salary range between $90,000 - $120,000 + bonus
*Note: Disclosure as required by sb19-085 (8-5-20) of the minimum salary compensation for this role when being hired into our offices in Colorado.

Benefits: At Granicus, we offer a competitive benefits package that allows employees to tailor benefits to their needs. Benefits listed below are for employees based in the U.S.
- Flexible Time Off
- Medical (includes an option that is paid 100% by Granicus!), Dental & Vision Insurance
- 401(k) plan with matching contribution
- Tuition & Training Reimbursement
- Paid Parental Leave
- Employer-paid Short and Long Term Disability Insurance, Group Term Life Insurance and AD&D Insurance
- Group legal coverage 
- Transit and/or parking supplement for office-based employees
- Free snacks and drinks in our offices
- And more!

Granicus is committed to providing equal employment opportunities. All qualified applicants and employees will be considered for employment and advancement without regard to race, color, religion, creed, national origin, ancestry, sex, gender, gender identity, gender expression, physical or mental disability, age, genetic information, sexual or affectional orientation, marital status, status with regard to public assistance, familial status, military or veteran status or any other status protected by applicable law.