Application Security Engineer

Posted 6 Hours Ago
New York, NY
Hybrid
Junior
AdTech • Consumer Web • Digital Media • eCommerce • Marketing Tech
Dotdash Meredith is America’s largest digital and print publisher.
The Role
As an Application Security Engineer, you will integrate security solutions into the software development lifecycle, collaborate with development teams to enhance CI/CD processes, conduct vulnerability assessments, and work on remediation efforts. Your role involves improving application security practices, reviewing security test results, and identifying security exposures.
Summary Generated by Built In

About Your Role: 

Dotdash Meredith is looking for an Application Security Engineer with a track record of innovative thinking, technical expertise, and collaboration. This role will be tasked with supporting software development teams, vulnerability management and remediation, and improving security coverage throughout the SDLC. 

As a valued member of the Security team, you will be responsible for helping to set technical direction, delivering technical projects, and collaborating with other groups within the organization. 

This position offers remote work flexibility; however, if you reside within a commutable distance to one of our main offices in New York, Des Moines, Birmingham, Los Angeles, Chicago, or Seattle, the expectation is to work from the office three times per month.

About Your Contributions: 

Solutions 

● Function as a subject matter expert for security solutions within the organization’s platform.

● Integrate security solutions into the SDLC process. 

● Work with development teams to improve the security of CI/CD processes by ensuring version control for source code, scanning code for vulnerabilities in the build pipeline, and ensuring public/private repositories are trusted and secure. 

● Design and develop coding standards across infrastructure, application, and data security, building out guidelines and standards to drive a standardized set of security requirements that align with internal policies and meet external compliance/regulatory requirements.

● Help evolve application security functions and services. 

Vulnerability Assessment 

● Prioritize, triage and remediate vulnerabilities and findings from security scans and bug bounty programs. 

● Review security test results from vulnerability scans and penetration tests and propose appropriate remediation measures or mitigation controls; conduct a remediation plan and supervise its progress. 

● Improve and support application security tool deployments including static analysis, dynamic testing and software composition analysis tools. 

● Conduct security code reviews for various languages and frameworks of web and mobile applications. 

● Identify security exposures and develop mitigation plans. 

● Investigate and report vulnerabilities in systems and platforms. 

● Assess the application threat landscape through threat modeling and architecture reviews.

● Develop metrics and reporting on the posture of the application security program. 

About You: 

Technical Skills 

● 2+ years of experience in a security technical role or software development. 

● Development experience in Java, JavaScript and Python. 

● Scripting and automation experience using RESTful APIs. 

Application Development and Security 

● Knowledge of SANS/CWE Top 25, OWASP Top 10 Application Security principles.

● Experience with application security tooling and processes, including code review, static code analysis, penetration testing, risk management, etc. 

● Strong knowledge and experience in implementing SDLC best practices. 

● Knowledge of Git and version control best practices. 

● Ability to innovate and find creative solutions that balance business needs with security needs.

● Familiarity with application layer assessment tools, such as local proxies and fuzzers.

● Familiarity with threat modeling and security design review methodologies. 

Infrastructure 

● Solid understanding of OSI model, TCP/IP, HTTP and TLS. 

● Knowledge of C.I.A. (confidentiality, integrity, availability) security principles and D.I.E. (distributed, immutable and ephemeral) security model. 

● Experience with data encryption, cryptography and encryption key management.

● Experience with configuration management and DevOps practices to ensure security is built into the SDLC process. 

Preferred Skills:

● Passion for application security and continuous learning. 

● Able to concisely communicate security risks to both technical and business audiences.

● Attention to detail. 

● Ability to work independently, and as part of a team. 

● Ability to multitask and prioritize work effectively.


Top Skills

Java
JavaScript
Python

The Company
HQ: New York, NY
3,500 Employees
Hybrid Workplace
Year Founded: 1996

What We Do

Dotdash Meredith is America’s largest digital and print publisher. Our 40+ iconic and fast-growing brands harness the best intent-driven content, the fastest sites, and the fewest ads to help nearly 200 million people every month, including 95 percent of US women, make decisions, take action, and find inspiration. Dotdash Meredith brands include PEOPLE, Better Homes & Gardens, Verywell, FOOD & WINE, The Spruce, Allrecipes, Byrdie, REAL SIMPLE, Investopedia, Southern Living and more.

Why Work With Us

Dotdash Meredith has a people-first mentality - our audience, our employees, our teams. We take our role of providing the best content across the best brands very seriously and we are always looking to make sure that our teams have the space to be creative, innovate and try out new things.


Dotdash Meredith Offices

Hybrid Workspace

Employees engage in a combination of remote and on-site work.

Typical time on-site: 3 days a week
HQ: New York, NY
Birmingham, AL
Chicago, IL
Des Moines, IA
Los Angeles, CA
Seattle, WA