Sr. Application Security Engineer at Fortinet
Sunnyvale, CA 94085
About the Job
Fortinet is looking for a Sr
Application Security Engineer to join the Corporate Information Security team
This is a highly technical role, with responsibilities conducting security reviews on various Fortinet applications, providing security education to our engineers and handling externally reported vulnerabilities.Key Responsibilities:Serve as an application security subject matter expert who provides guidance to internal teamsWork closely with development teams, perform code reviews, penetration tests, and architectural reviews on existing codes and new features.Develop, implement, and communicate vulnerability mitigation strategies to development teamsHandle externally reported vulnerabilities as a member of Corporate Information Security Responsible Disclosure Program committee. Drive Fortinet static and dynamic application security testing program.Develop strategies, evaluate solutions, design and implement tools, processes and controls to ensure that security and privacy are designed in Fortinet applicationsAdvise development teams on SDLC best practices.Proactively research new attack vectors on applications that may affect Fortinet applications and infrastructure.Be part of a global distributed team to share knowledge, workload and assignments
Strong sense of teamwork is required
Coach peers in application security concepts and best practices.Required Skills/Experience:5+ years of work experience as an Information Security Researcher or Engineer3+ years of experience with manually auditing source code to find security issues or programming skills in one or more of: Java, .NET, Python or JavaScript frameworks.Strong understanding on OWASP TOP 10 vulnerabilities.Strong understanding of common API security risksStrong understanding on Cloud-Native application architecture, microservices, containerization technologies, secure deployment and implementation issues.Proven experience in application penetration testingProven experience in security code reviewProven experience in application security testing (DAST, SAST, IAST, SCA) tools and processesStrong foundation in computer and network security, authentication & authorization, security protocols and applied cryptographySolid understanding with web security standards such as CSP, SOP, CORS, and emerging web security technologies.Solid understanding on CI/CD pipelines, build systems and DevSecOps principles.Experience defining security architecture patterns and standards in a large enterprise organization.Experience with cloud-based security solutions and familiarity with cloud service providers, particularly in relation to application securityEfficiency with web proxies such as Burp or OWASP ZAP or FiddlerUnderstanding of OAuth and JWT implementations.Ability to organize & communicate effectively, both written and verbal, with technical and non-technical people across functional teamsA BS degree in Computer Science, Cyber Security, other tech-related degree, or equivalent experience.Experience in Cloud Security Posture Management (CSPM) and/or Application Security Posture Management (ASPM) tools is a plus. Having OSWE OSCP, GWEB, GPEN or similar certificate is a plusExperience in Mobile Application Penetration Testing is a plusThe US base salary range for this full-time position is $150,000-$200,000
Fortinet offers employees a variety of benefits, including medical, dental, vision, life and disability insurance, 401(k), 11 paid holidays, vacation time, and sick time as well as a comprehensive leave program.Wage ranges are based on various factors including the labor market, job type, and job level
Exact salary offers will be determined by factors such as the candidate's subject knowledge, skill level, qualifications, experience, and geographic location.All roles are eligible to participate in the Fortinet equity program, Bonus eligibility is reviewed at time of hire and annually at the Company’s discretion.Why Join Us:We encourage candidates from all backgrounds and identities to apply
We offer a supportive work environment and a competitive Total Rewards package to support you with your overall health and financial well-being.Embark on a challenging, enjoyable, and rewarding career journey with Fortinet
Join us in bringing solutions that make a meaningful and lasting impact to our 660,000+ customers around the globe.#LI-BHAVYA#GDFortinet (NASDAQ: FTNT) secures the largest enterprise, service provider, and government organizations around the world
Fortinet empowers its customers with intelligent, seamless protection across the expanding attack surface and the power to take on ever-increasing performance requirements of the borderless network - today and into the future
Only the Fortinet Security Fabric architecture can deliver security without compromise to address the most critical security challenges, whether in networked, application, cloud or mobile environments
Fortinet ranks number one in the most security appliances shipped worldwide and more than 500,000 customers trust Fortinet to protect their businesses.We are committed to providing reasonable accommodations for all qualified individuals with disabilities
If you require assistance or accommodation due to a disability, please contact us at
We value diversity in our company, and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, age, military/veteran status or any other applicable legally protected characteristics in the location in which the candidate is applying.Full timePosting Date: 2024-08-26
Application Security Engineer to join the Corporate Information Security team
This is a highly technical role, with responsibilities conducting security reviews on various Fortinet applications, providing security education to our engineers and handling externally reported vulnerabilities.Key Responsibilities:Serve as an application security subject matter expert who provides guidance to internal teamsWork closely with development teams, perform code reviews, penetration tests, and architectural reviews on existing codes and new features.Develop, implement, and communicate vulnerability mitigation strategies to development teamsHandle externally reported vulnerabilities as a member of Corporate Information Security Responsible Disclosure Program committee. Drive Fortinet static and dynamic application security testing program.Develop strategies, evaluate solutions, design and implement tools, processes and controls to ensure that security and privacy are designed in Fortinet applicationsAdvise development teams on SDLC best practices.Proactively research new attack vectors on applications that may affect Fortinet applications and infrastructure.Be part of a global distributed team to share knowledge, workload and assignments
Strong sense of teamwork is required
Coach peers in application security concepts and best practices.Required Skills/Experience:5+ years of work experience as an Information Security Researcher or Engineer3+ years of experience with manually auditing source code to find security issues or programming skills in one or more of: Java, .NET, Python or JavaScript frameworks.Strong understanding on OWASP TOP 10 vulnerabilities.Strong understanding of common API security risksStrong understanding on Cloud-Native application architecture, microservices, containerization technologies, secure deployment and implementation issues.Proven experience in application penetration testingProven experience in security code reviewProven experience in application security testing (DAST, SAST, IAST, SCA) tools and processesStrong foundation in computer and network security, authentication & authorization, security protocols and applied cryptographySolid understanding with web security standards such as CSP, SOP, CORS, and emerging web security technologies.Solid understanding on CI/CD pipelines, build systems and DevSecOps principles.Experience defining security architecture patterns and standards in a large enterprise organization.Experience with cloud-based security solutions and familiarity with cloud service providers, particularly in relation to application securityEfficiency with web proxies such as Burp or OWASP ZAP or FiddlerUnderstanding of OAuth and JWT implementations.Ability to organize & communicate effectively, both written and verbal, with technical and non-technical people across functional teamsA BS degree in Computer Science, Cyber Security, other tech-related degree, or equivalent experience.Experience in Cloud Security Posture Management (CSPM) and/or Application Security Posture Management (ASPM) tools is a plus. Having OSWE OSCP, GWEB, GPEN or similar certificate is a plusExperience in Mobile Application Penetration Testing is a plusThe US base salary range for this full-time position is $150,000-$200,000
Fortinet offers employees a variety of benefits, including medical, dental, vision, life and disability insurance, 401(k), 11 paid holidays, vacation time, and sick time as well as a comprehensive leave program.Wage ranges are based on various factors including the labor market, job type, and job level
Exact salary offers will be determined by factors such as the candidate's subject knowledge, skill level, qualifications, experience, and geographic location.All roles are eligible to participate in the Fortinet equity program, Bonus eligibility is reviewed at time of hire and annually at the Company’s discretion.Why Join Us:We encourage candidates from all backgrounds and identities to apply
We offer a supportive work environment and a competitive Total Rewards package to support you with your overall health and financial well-being.Embark on a challenging, enjoyable, and rewarding career journey with Fortinet
Join us in bringing solutions that make a meaningful and lasting impact to our 660,000+ customers around the globe.#LI-BHAVYA#GDFortinet (NASDAQ: FTNT) secures the largest enterprise, service provider, and government organizations around the world
Fortinet empowers its customers with intelligent, seamless protection across the expanding attack surface and the power to take on ever-increasing performance requirements of the borderless network - today and into the future
Only the Fortinet Security Fabric architecture can deliver security without compromise to address the most critical security challenges, whether in networked, application, cloud or mobile environments
Fortinet ranks number one in the most security appliances shipped worldwide and more than 500,000 customers trust Fortinet to protect their businesses.We are committed to providing reasonable accommodations for all qualified individuals with disabilities
If you require assistance or accommodation due to a disability, please contact us at
accommodations@fortinet.com.Fortinet
is an equal opportunity employerWe value diversity in our company, and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, age, military/veteran status or any other applicable legally protected characteristics in the location in which the candidate is applying.Full timePosting Date: 2024-08-26