Quest Global is an organization at the forefront of innovation and one of the world’s fastest growing engineering services firms with deep domain knowledge and recognized expertise in the top OEMs across seven industries. We are a twenty-five-year-old company on a journey to becoming a centenary one, driven by aspiration, hunger and humility.
We are looking for humble geniuses, who believe that engineering has the potential to make the impossible, possible; innovators, who are not only inspired by technology and innovation, but also perpetually driven to design, develop, and test as a trusted partner for Fortune 500 customers.
As a team of remarkably diverse engineers, we recognize that what we are really engineering is a brighter future for us all. If you want to contribute to meaningful work and be part of an organization that truly believes when you win, we all win, and when you fail, we all learn, then we’re eager to hear from you.
The achievers and courageous challenge-crushers we seek have the following characteristics and skills:
We are looking for a hands-on, dynamic, and enthusiastic application security engineer to help drive our application security efforts. This is an exciting opportunity to join our application security efforts related to the development of various projects in IoT, Intralogistics, Control, Cloud, and Edge systems that aim to transform the industry.
This role is hands-on application security that applies expertise in application security and knowledge of security best practices to the development of existing and future products. The application security engineer not only demonstrates the skills and knowledge of a seasoned hands-on security professional but also participates in efforts to enhance application security and development practices of product teams.
Additional Job Description
This is What You Will do in This Role / Key Responsibilities
• Apply coding and testing standards, apply security testing tools including SAST/DAST scanning tools, and conduct code reviews. Apply Secure Software Development Lifecycle (SSDLC) methodologies across the organization.
• Identify basic common coding flaws at a high level. Perform penetration testing and integrated quality assurance testing for security functionality and resiliency to attack as required for new or updated applications.
• Perform risk analysis (e.g., threat, vulnerability, and probability of occurrence) whenever an application or system undergoes a major change.
• Conduct regular vulnerability assessments and penetration tests on applications and systems to identify security weaknesses and risks.
• Analyze vulnerability scan results and security assessment reports to prioritize and remediate security vulnerabilities in a timely manner.
• Develop and implement vulnerability management processes, procedures, and best practices to ensure consistent and effective vulnerability remediation.
• Collaborate with development teams to integrate security controls and best practices into the software development lifecycle (SDLC).
• Provide guidance and support to development teams on secure coding practices, vulnerability remediation techniques, and threat mitigation strategies.
• Monitor and track vulnerability remediation efforts, including patch management, configuration changes, and system updates.
• Direct the remediation of security findings and vulnerability prioritization, with development teams, encountered during testing and implementation of new systems or changes to existing systems.
• Capture security controls used during the requirements phase to integrate security within the process, to identify key security objectives, and to maximize software security while minimizing disruption to plans and schedules.
What We are Looking For / Qualifications
• 5+ years of SAST/DAST scanning experience or 4+ years of penetration testing experience or 5 years of application security experience.
• Experience with security tools such as Qualys, Nessus, Sonarqube, Veracode, Burp Suite, Nexpose, Snort, or Metasploit
• Strong knowledge of security architecture, system, and network security
• Strong experience and in-depth knowledge of security standards and best practices (OWASP, SANS 25, etc.) as they relate to cloud, web, and mobile applications
• Experience in analyzing security of Java applications or cloud-based applications.
• Ability to read and write one or more common programming languages such as Java, JavaScript, C/C++, Python, including 2+ years of hands-on programming or scriptwriting, including 2+ years of working with cloud applications
• Strong Knowledge of Linux and Windows OS
• Experience with cloud computing platforms (e.g., AWS, Azure, GCP) and containerization technologies (e.g., Docker, Kubernetes).
• Knowledge of secure software development practices and DevSecOps principles.
Preferred
• CISSP, CEH, OSCP, CompTIA Pen Test+, or GPEN
• BS in Comp Science