Application Security Engineer at Digital Nomadic Solutions

Position Title: Application Security Engineer  

Department: Cybersecurity 

Location: Remote 

Type: Project-based  

About Us: Digital Nomadic Solutions (DNS) is committed to delivering top-tier cybersecurity solutions to protect our clients' digital assets. We seek a highly skilled Application Security Assessment Expert to join our dynamic team as an independent contractor. This role emphasizes securing web and mobile applications hosted on Azure through comprehensive vulnerability assessments and penetration testing. 

Position Overview: The Application Security Engineer will conduct security assessments of web and mobile applications hosted on Azure, identify vulnerabilities, and recommend mitigation strategies. This role requires extensive knowledge of web application security, mobile application security, and penetration testing methodologies within the Azure environment. Additionally, expertise in assessing applications built with frameworks such as React.js, Angular, and Vue.js is essential. The primary focus will be on assessing a statewide registry website with a custom Applicant Tracking System (ATS). 

Key Responsibilities: 

1. Web Application Security Assessment on Azure: 

• Conduct thorough security assessments of web applications hosted on Azure. 

• Perform static and dynamic code analysis within Azure environments. 

• Utilize automated tools and manual testing techniques to identify security weaknesses in Azure-hosted applications. 

• Analyze and interpret security test results, providing detailed reports and remediation recommendations specific to Azure. 

1. Mobile Application Security Assessment: 

• Conduct security assessments of mobile applications across iOS and Android platforms within Azure environments. 

• Evaluate mobile application architecture, code, and design for security vulnerabilities in Azure. 

• Perform static and dynamic analysis of mobile applications hosted on Azure. 

• Provide comprehensive reports and recommendations for improving mobile application security within Azure. 

1. Penetration Testing on Azure: 

• Develop and execute comprehensive penetration testing plans and methodologies tailored to assess database security. 

• Perform thorough penetration testing on databases to identify vulnerabilities, weaknesses, and potential entry points for unauthorized access. 

• Simulate real-world attacks to identify security weaknesses and potential exploits specific to Azure environments. 

• Develop and deploy custom scripts and tools to enhance penetration testing efforts on Azure. 

• Document findings and collaborate with development teams to implement security fixes in Azure. 

1. Azure Website Vulnerability Assessment: 

• Conduct regular vulnerability assessments on websites and web applications hosted on Azure. 

• Use a combination of automated scanners and manual testing techniques within Azure environments. 

• Identify and document vulnerabilities, providing actionable recommendations for remediation specific to Azure. 

• Stay updated on the latest security threats, vulnerabilities, and industry best practices related to Azure. 

1. Framework-Specific Security Assessment: 

• Assess and secure applications built with frameworks such as React.js, Angular, and Vue.js. 

• Identify common vulnerabilities in these frameworks and provide remediation strategies. 

• Collaborate with development teams to integrate security best practices for these specific frameworks. 

• Provide detailed security assessments and recommendations for applications using these frameworks. 

1. Collaboration and Communication: 

• Collaborate with development, operations, and IT teams to integrate security into the development lifecycle within Azure. 

• Effectively communicate security findings and recommendations to technical and non-technical stakeholders. 

• Provide guidance and support to development teams in implementing security controls and best practices in Azure. 

1. Documentation and Reporting: 

• Create detailed security assessment reports, including findings, risk analysis, and remediation guidance specific to Azure. 

• Maintain documentation of security assessment processes, tools, and methodologies used in Azure. 

• Track and report on the status of identified vulnerabilities and remediation efforts within Azure. 

Qualifications: 

• Bachelor’s degree in Computer Science, Information Security, or a related field. 

• Minimum of 5 years of experience in web and mobile application security assessment, with a focus on Azure. 

• Familiarity with GDPR, CCPA, HIPAA, PIPEDA, PDPA, POPIA, and LGPD to ensure compliance and effective data protection strategies. 

• Strong knowledge of OWASP Top Ten, SANS/CWE Top 25, and other relevant security standards. 

• Proficiency in using security assessment tools (e.g., Burp Suite, OWASP ZAP, Nessus, Nmap) within Azure environments. 

• Experience with static and dynamic code analysis tools in Azure. 

• Strong understanding of secure coding practices and common vulnerabilities in Azure. 

• Expertise in assessing security for applications built with React.js, Angular, and Vue.js. 

• Excellent problem-solving skills and attention to detail. 

• Relevant certifications (e.g., AZ-500, OSCP, CEH, CISSP, GWAPT, GMOB) are a plus. 

Soft Skills: 

• Excellent communication and interpersonal skills. 

• Ability to work independently and as part of a team. 

• Strong analytical and critical thinking abilities. 

• Commitment to continuous learning and staying updated on cybersecurity trends, especially related to Azure and modern web frameworks.