Fortinet is looking for an Application Security Engineer to join the Corporate Information Security team. This is a highly technical role, with responsibilities conducting security reviews on various Fortinet applications, providing security education to our engineers and handling externally reported vulnerabilities.
- Serve as an application security subject matter expert who provides guidance to internal teams
- Work closely with development teams to perform code reviews, penetration tests, and architectural reviews of existing code and new features.
- Develop, implement, and communicate vulnerability mitigation strategies to development teams
- Handle externally reported vulnerabilities as a member of the Corporate Information Security Responsible Disclosure Program committee.
- Drive Fortinet's static and dynamic application security testing program.
- Develop strategies, evaluate solutions, and design and implement tools, processes and controls to ensure that security and privacy are designed into Fortinet applications.
- Advise development teams on SDLC best practices.
- Proactively research new attack vectors on applications that may affect Fortinet applications and infrastructure.
- Be part of a globally distributed team that shares knowledge, workload and assignments. A strong sense of teamwork is required. Coach peers in application security concepts and best practices.
- 5+ years of work experience as an Information Security Researcher or Engineer
- Strong understanding of the OWASP Top 10 vulnerabilities.
- Proven experience in Web Application Penetration Testing
- Proven experience in security code review
- Proven experience in application security testing (DAST, SAST, IAST, SCA) tools and processes
- Strong foundation in computer and network security, authentication & authorization, security protocols and applied cryptography
- Solid understanding of web security standards such as CSP, SOP and CORS, and of emerging web security technologies.
- Experience defining security architecture patterns and standards in a large enterprise organization.
- Proficiency with web proxies such as Burp, OWASP ZAP or Fiddler
- Understanding of common API security risks
- Understanding of OAuth and JWT implementations.
- Familiarity with CI/CD pipelines, build systems and containerized architecture.
- Familiarity with cloud security deployment and implementation issues.
- Ability to organize and communicate effectively, both written and verbal, with technical and non-technical people across functional teams
- A BS degree in Computer Science, Cyber Security, other tech-related degree, or equivalent experience.
- Having an OSWE, OSCP, GWEB, GPEN or similar certificate is a plus
- Experience in Mobile Application Penetration Testing is a plus
- Address: Sunnyvale, CA, USA
- Salary Offer: $100.000 ~
- Experience Level: Senior
- Total Years Experience: 5-10