Application Security Engineer

Full Time | Islamabad, PK | Platform Engineering

VisionX is a fast-growing machine vision product company headquartered in New York City with a unique mission to build innovative machine vision systems and products that enhance human productivity. Our business operating model is backed by our ‘mindset’ principles that serve as a guiding framework to work each day relentlessly towards our purpose of becoming the most desirable innovation company in the world by future-proofing humanity, businesses, and society.
VisionX, between its HQ1 in New York City and HQ2 in Islamabad, continues to develop and deploy digital products across the globe for many renowned brands and Fortune 500 companies. We place people outside their comfort zones and develop a new mindset so they can live a self-aware life and realize their potential. VisionX leadership strongly believes in giving back and activating digital health initiatives through its Corporate Social Responsibility initiative – Sehr Foundation.
Your role
VisionX is looking for an Application Security Engineer to bring DevSecOps practices and principles to our application development teams. As an Application Security Engineer, you will be responsible for analyzing the security of applications and services, uncovering and remediating security issues, implementing security automation, and responding quickly to new threat situations. This is an extraordinary opportunity to be part of a high-performing team and pursue a life-changing mission with unique technical challenges!
You are smart, energetic, assertive, likable, and excellent at communication at all levels. You understand people, culture, and technology. You are a hustler. You are passionate about being a difference-maker for others. You love startup culture. You are open to rolling up your sleeves and working at all levels. You go above and beyond to make things happen. You own your work and are ready to live by VisionX Mindset Principles.
· Drive adoption of security best practices and embed cloud security controls as part of the SDLC
· Conduct internal vulnerability testing using leading industry tools
· Document, maintain and help implement security policies and practices
· Report to the engineering management team on security gaps, issues, failures, or concerns of established applications or infrastructure frameworks and architecture to remediate and provide early solutions to problems
· Prepare system security reports by collecting, analyzing, and summarizing data and trends, including recommendations
· Perform code reviews and work directly with developers to ensure effective and secure code development practices
· Create security specifications, develop processes, and evaluate tools to assist in the secure development of applications and services
· Implement security automation and frameworks for code quality and testing
· Assist in the implementation of security-related product features like authentication, cryptography, etc.
· Perform vulnerability and penetration testing and present assessment reports that clearly document security findings with reasonable methods to secure them
· Participate actively in product design meetings, providing insight and direction related to application security risks
· Implement DevSecOps practices that focus on automation to improve efficiency of testing and remediation of findings
· Monitor the security community regularly for public-facing security issues, as well as new testing tactics
· Work in an agile development environment, collaborating successfully with engineering teams
What you need
· 3+ years of experience in the application security and security engineering space
· Proven ability to build, manage and monitor mission-critical environments
· 3+ years of direct experience in securing networks, web applications, intrusion detection, defense and incident response, security configuration management, access controls design and implementation, and security policy and standards development
· Experience with static code analysis and dynamic code analysis with security code reviews
· Familiarity with security in serverless architecture and application designs
· Solid understanding of application security vulnerabilities (OWASP Top 10) and countermeasures to reduce related risks
· Knowledge of RESTful API design/development
· Hands-on experience with security tools, such as DAST and SAST
· Strong experience in application penetration testing, common vulnerability analysis techniques and information security threat vectors
· Experience with fuzzing, reverse engineering and advanced exploitation techniques
· Experience with AWS
· Bachelor’s/Master’s in Computer Science, engineering, information systems or related field or equivalent experience
Our mindset
We live each day through the VisionX Mindset principles. We expect you to read, understand, and come prepared to talk about the execution of similar tenets at your previous job or in your daily life:
1. We are customer obsessed
2. We are optimistic
3. We dive deep
4. We do more with less
5. We seek to understand
6. We are self-aware
7. We take ownership
8. We respect each other
9. We win as a team
10. We give back to our community
Why choose us
We live and breathe cutting-edge technology. We believe in delivering client value through our work. We build products that are not good or great, but outstanding. Our global network of industry experts and mentors helps shape our growth and future. Our leadership team has extensive technology, retail, and consulting experience with world-renowned brands. We have got all it takes to build an enterprise of the future.
You deliver! We will make your stay and journey with us worthwhile.
We are an equal opportunity employer, and we value diversity. We do not discriminate based on race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, disability status, or any other legally protected status.