Expoint – all jobs in one place
The point where experts and best companies meet
Limitless High-tech career opportunities - Expoint

Fortinet Senior Application Security Engineer 
United Kingdom 
679542011

Yesterday

Key Responsibilities:

  • Serve as an application security subject matter expert who provides guidance to internal teams
  • Work closely with development teams, perform code reviews, penetration tests, and architectural reviews on existing codes and new features.
  • Develop, implement, and communicate vulnerability mitigation strategies to development teams
  • Handle externally reported vulnerabilities as a member of Corporate Information Security Responsible Disclosure Program committee.
  • Drive Fortinet static and dynamic application security testing program.
  • Develop strategies, evaluate solutions, design and implement tools, processes and controls to ensure that security and privacy are designed in Fortinet applications
  • Advise development teams on SDLC best practices.
  • Proactively research new attack vectors on applications that may affect Fortinet applications and infrastructure.
  • Be part of a global distributed team to share knowledge, workload and assignments. Strong sense of teamwork is required. Coach peers in application security concepts and best practices.

Required Skills/Experience:

  • 5+ years of work experience as an Information Security Researcher or Engineer
  • 3+ years of experience with manually auditing source code to find security issues or programming skills in one or more of: Java, .NET, Python or JavaScript frameworks.
  • Strong understanding on OWASP TOP 10 vulnerabilities.
  • Strong understanding of common API security risks
  • Strong understanding on Cloud-Native application architecture, microservices, containerization technologies, secure deployment and implementation issues.
  • Proven experience in application penetration testing
  • Proven experience in security code review
  • Proven experience in application security testing (DAST, SAST, IAST, SCA) tools and processes
  • Strong foundation in computer and network security, authentication & authorization, security protocols and applied cryptography
  • Solid understanding with web security standards such as CSP, SOP, CORS, and emerging web security technologies.
  • Solid understanding on CI/CD pipelines, build systems and DevSecOps principles.
  • Experience defining security architecture patterns and standards in a large enterprise organization.
  • Experience with cloud-based security solutions and familiarity with cloud service providers, particularly in relation to application security
  • Experience working with threat modeling methodologies such as MITRE ATT&CK, STRIDE, PASTA etc.
  • Efficiency with web proxies such as Burp or OWASP ZAP or Fiddler
  • Understanding of OAuth and JWT implementations.
  • Ability to organize & communicate effectively, both written and verbal, with technical and non-technical people across functional teams
  • A BS degree in Computer Science, Cyber Security, other tech-related degree, or equivalent experience.
  • Experience in Cloud Security Posture Management (CSPM) and/or Application Security Posture Management (ASPM) tools is a plus.
  • Having OSWE OSCP, GWEB, GPEN or similar certificate is a plus
  • Experience in Mobile Application Penetration Testing is a plus
  • Familiarity with AI&ML & LLM concepts, AI Red Teaming, AI Guardrails is a plus.