Application Security Engineer

Who are we?

Job Summary

The Application Security Engineer will be responsible for strengthening and continuously improving the security posture of the applications. This role involves integrating security best practices into application development lifecycle, automate security controls, implementing infrastructure and configuration as code. In addition to a focus on Information Security, this role will work collaborate closely with application teams to assess vulnerabilities and guide with secure remediation strategies.

Success for this role requires that you are

• Familiar with information security concepts, standards and trends

• Able to implement and maintain infrastructure and configuration as a code

• Driven to learn new things; excited about challenges and finding solutions

• A strong builder mentality with a drive to “see things through”

• Able to interpret and apply security principles and standards to designs, configurations and policies

• Able to communicate technical concepts and details to peers and management clearly and concisely

• Able to demonstrate good judgment concerning the confidentiality, availability, and integrity of information

Responsibilities

• Embed Security controls and tools into CI/CD pipelines (ex: SAST, SCA, DAST, Secrets Scanning)

• Implement Shift-left security practices to ensure vulnerabilities are detected and remediated early in the SDLC lifecycle.

• Work with application teams on secure design principles, threat modeling, architecture reviews and guide them with remediation strategies.

• Design, build, document, and maintain efficient, reusable, and reliable code for Security Orchestration, Automation, and Response (SOAR) policy as code, and Security Operations and Analytics platforms

• Model the Equinix culture and values

Knowledge / Skills / Abilities

• Hands-on experience with CI/CD tools (ideally GitHub Actions)

• Strong working knowledge of how to implement secure systems using public cloud services (any of the major cloud providers)

• Functional understanding of SAST, SCA and DAST concepts

• Experience building automations and services in Terraform, ansible, Python, etc.

• Assess application security risks and recommend solutions aligned with industry standards (OWASP, NIST, CIS Benchmarks)

• Knowledge of Authentication and Authorization technologies and methods (SAML, HMAC, OAuth etc.)

• Partner with Application teams to remediate vulnerabilities and adopt secure coding practices

• Demonstrated ability to work within globally dispersed and cross-functional teams

Qualifications

• 4+ years’ work experience in Security Engineering or DevSecOps in a medium or large corporate environment; or a college degree in computer science, data communications, electrical or computer engineering and 3 years’ work experience

• Demonstrated hands on experience with the following technologies (at least couple)

  • SCA (any of Apiiro, Nexus IQ, Snyk, etc)

  • SonarQube

  • API security, DAST (Traceable)

  •  OPSWAT MetaDefender

  • Terraform

• Experience with distributed systems – microservices, K8s, etc

Equinix is committed to ensuring that our employment process is open to all individuals, including those with a disability.  If you are a qualified candidate and need assistance or an accommodation, please let us know by completing this form.

Equinix is an Equal Employment Opportunity and, in the U.S., an Affirmative Action employer.  All qualified applicants will receive consideration for employment without regard to unlawful consideration of race, color, religion, creed, national or ethnic origin, ancestry, place of birth, citizenship, sex, pregnancy / childbirth or related medical conditions, sexual orientation, gender identity or expression, marital or domestic partnership status, age, veteran or military status, physical or mental disability, medical condition, genetic information, political / organizational affiliation, status as a victim or family member of a victim of crime or abuse, or any other status protected by applicable law.