Senior Application Security Engineer

As a Senior Application Security Engineer, you will be responsible for enhancing the security posture of our applications throughout their lifecycle. You will collaborate closely with development teams to integrate security best practices, conduct thorough threat modeling, and apply OWASP ASVS techniques to identify and mitigate security vulnerabilities.

Key Responsibilities:

• Lead and participate in the design and implementation of secure coding practices across development teams
• Conduct detailed threat modeling exercises for new and existing applications to identify potential security issues
• Perform security reviews and code analysis to proactively identify and mitigate security vulnerabilities
• Participate in code reviews (Java, Python, etc.)
• Perform manual and tool-assisted secure code reviews on code diffs for a variety of programming languages.
• Work closely with developers to provide guidance on remediation strategies and secure coding techniques
• Implement and maintain automated security testing tools and processes
• Evaluate third-party libraries and dependencies for security risks
• Stay abreast of emerging security threats, vulnerabilities, and technologies to continuously improve application security measures
• Collaborate with cross-functional teams including Engineering and Operations to integrate security into the software development lifecycle (SDLC)

Requirements:

• Bachelor's degree in Computer Science, Information Technology, or related field (or equivalent experience)
• 10+ years of proven experience as an Application Security Engineer or a similar role
• In-depth knowledge of OWASP ASVS and application security best practices
• Strong understanding of threat modeling methodologies and tools
• 5+ years of extensive development experience in one or more of the following programming languages: Java, C, C++, or Python
• Hands-on experience with secure coding practices and techniques (e.g., encryption, authentication mechanisms, secure API design)
• Proficiency in conducting security assessments (e.g., penetration testing, code reviews)
• Experience with SAST, DAST, and SCA security tools like CodeQL, Burp Suite Enterprise, etc.
• Excellent communication skills with the ability to articulate complex technical issues to non-technical stakeholders
• Certifications such as CEH, or equivalent are a plus

This position is based in our Reston, VA office and offers a flexible, hybrid work schedule

The pay range is $160,300 - $216,900.

The anticipated annual base salary range for this position is noted above, however, base pay offered may vary depending on job-related knowledge, skills, experience. Verisign offers a discretionary bonus which is based on individual and company performance, and certain roles may be eligible for discretionary stock awards.