Senior Application Security Engineer

Job Description

Fortinet is looking for an Application Security Engineer to join the Corporate Information Security team. This is a highly technical role, with responsibilities conducting security reviews on various Fortinet applications, providing security education to our engineers and handling externally reported vulnerabilities.

Key Responsibilities:

  • Serve as an application security subject matter expert who provides guidance to internal teams
  • Work closely with development teams, perform code reviews, penetration tests, and architectural reviews on existing codes and new features.
  • Develop, implement, and communicate vulnerability mitigation strategies to development teams
  • Handle externally reported vulnerabilities as a member of Corporate Information Security Responsible Disclosure Program committee.
  • Drive Fortinet static and dynamic application security testing program.
  • Develop strategies, evaluate solutions, design and implement tools, processes and controls to ensure that security and privacy are designed in Fortinet applications
  • Advise development teams on SDLC best practices.
  • Proactively research new attack vectors on applications that may affect Fortinet applications and infrastructure.
  • Be part of a global distributed team to share knowledge, workload and assignments. Strong sense of teamwork is required. Coach peers in application security concepts and best practices.

Required Skills/Experience:

  • 5+ years of work experience as a Information Security Researcher or Engineer
  • 3+ years of experience with manually auditing source code to find security issues or programming skills in one or more of: Java, .NET, Python or JavaScript frameworks.
  • Strong understanding on OWASP TOP 10 vulnerabilities.
  • Proven experience in Web Application Penetration Testing
  • Proven experience in security code review
  • Proven experience in application security testing (DAST, SAST, IAST, SCA) tools and processes
  • Strong foundation in computer and network security, authentication & authorization, security protocols and applied cryptography
  • Solid understanding with web security standards such as CSP, SOP, CORS, and emerging web security technologies.
  • Experience defining security architecture patterns and standards in a large enterprise organization.
  • Efficiency with web proxies such as Burp or OWASP ZAP or Fiddler
  • Understanding of common API security risks
  • Understanding of OAuth and JWT implementations.
  • Familiarity with CI/CD pipelines, build systems and containerized architecture.
  • Familiarity in cloud security deployment and implementation issues.
  • Ability to organize & communicate effectively, both written and verbal, with technical and non-technical people across functional teams
  • A BS degree in Computer Science, Cyber Security, other tech-related degree, or equivalent experience.
  • Having OSWE OSCP, GWEB, GPEN or similar certificate is a plus
  • Experience in Mobile Application Penetration Testing is a plus
  • Strong JavaScript programming and/or understanding is a plus.


About Us

Fortinet (NASDAQ: FTNT) secures the largest enterprise, service provider, and government organizations around the world. Fortinet empowers its customers with intelligent, seamless protection across the expanding attack surface and the power to take on ever-increasing performance requirements of the borderless network – today and into the future. Only the Fortinet Security Fabric architecture can deliver security features without compromise to address the most critical security challenges, whether in networked, application, cloud or mobile environments. Fortinet ranks number one in the most security appliances shipped worldwide and more than 450,000 customers trust Fortinet to protect their businesses.
We are committed to providing reasonable accommodations for all qualified individuals with disabilities. If you require assistance or accommodation due to a disability, please contact us at
Fortinet is an equal opportunity employer. We value diversity in our company, and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, or any other applicable legally protected characteristics in the location in which the candidate is applying.
Job Identification : 6784

More Information

Apply for this job

Leave your thoughts

Share this job