Staff Software Development Engineer (Application Security)
Description For Staff Software Development Engineer (Application Security)
Zscaler, a leading cloud security company, is seeking an experienced Application Security Lead to join their Product Security team. Reporting to the Director of Vulnerability Management, you'll be responsible for:
-
Static and Dynamic Application Security Testing (SAST/DAST): Conduct static and dynamic analysis of applications to identify and improve security vulnerabilities early in the development process.
-
Software Composition Analysis (SCA): Implement SCA tools to manage open-source components, ensuring all third-party libraries and frameworks are secure and up-to-date.
-
CVE Detection and Remediation: Monitor for Common Vulnerabilities and Exposures (CVEs) in the codebase and work with development teams to fix these vulnerabilities promptly.
-
Secret Management: Detect and improve hard-coded secrets in the codebase, ensuring sensitive information is securely managed and stored.
-
Container and Infrastructure as Code (IAC) Security: Assess and secure containerized environments and IAC deployments, following security best practices.
The ideal candidate will have:
- Minimum 7 years of hands-on experience in application security
- Proficiency with tools like Snyk, Semgrep, Coverity, Checkmarx, Burp Suite, OWASP ZAP, and dependency management tools
- Experience with secure coding practices, vulnerability management, and remediation techniques
- Expertise with source control (Github, Bitbucket) and CI pipelines (ArgoCD, Jenkins)
- Experience detecting and remediating security issues within codebases
Preferred qualifications include:
- 3+ years of hands-on experience in SAST, DAST, Container Security, IAC, or Secrets management
- Previous experience as a software developer or in a DevSecOps role
- Proficiency in languages such as Java, Python, JavaScript, C/C++, and Golang
- Experience securing cloud environments (AWS, Azure, Google Cloud)
Zscaler offers comprehensive benefits, including various health plans, time off, parental leave, retirement options, and education reimbursement. The company is committed to diversity, equity, and inclusion, welcoming applicants from all backgrounds to contribute to their mission of making business seamless and secure.
Responsibilities For Staff Software Development Engineer (Application Security)
- Conduct static and dynamic analysis of applications
- Implement Software Composition Analysis (SCA) tools
- Monitor for Common Vulnerabilities and Exposures (CVEs)
- Detect and improve hard-coded secrets in the codebase
- Assess and secure containerized environments and IAC deployments
Requirements For Staff Software Development Engineer (Application Security)
- Minimum of 7 years of hands-on experience in application security
- Proficiency with application security tools (Snyk, Semgrep, Coverity, Checkmarx, Burp Suite, OWASP ZAP)
- Experience with secure coding practices and vulnerability management
- Expertise with source control (Github, Bitbucket) and CI pipelines (ArgoCD, Jenkins)
- Experience detecting and remediating security issues within codebases
Benefits For Staff Software Development Engineer (Application Security)
- Various health plans
- Time off plans for vacation and sick time
- Parental leave options
- Retirement options
- Education reimbursement
- In-office perks
Jobs Related To Zscaler Staff Software Development Engineer (Application Security)
