Senior Application Security Engineer

Calabasas, CA
San Diego, CA
Woodridge, IL

Job Description:

This is an exciting time for PlanetArt’s Information Security team. In this position you will be an integral part of a developing and expanding Application Security program. The Senior Application Security Engineer is a vital role that helps to provide assurance for PlanetArt’s critical applications and securely enables business functions. We’re looking for a person who is just as passionate about uncovering a security vulnerability as you are about educating developers on how to fix it. Your focus will be on helping to build and maintain an Application Security program that can be used as the benchmark for our industry.

Primary Responsibilities:
  • Demonstrate and promote Secure Software Development Life Cycle
  • Work with security researchers and developers to resolve security issues in our stack
  • Evaluate and classify findings from SAST, Pen Tests, SCA and externally reported sources
  • Perform security testing on internally developed applications and clearly document findings and recommendations
  • Develop and implement security fixes and assist development teams in the same
  • Assist in the development of secure code libraries
  • Act as technical liaison between Information Security and application development teams, including guiding teams towards strong application security practices and remediating known risks
  • Develop and support integration and automation within security, monitoring, reporting, and ticketing platforms
  • Develop internal processes and suggest improvements for increased security and efficiency
Minimum Qualifications:
  • 6-8 years working as a developer and 1-3 years specifically in application security
  • Must be well organized, thrive in a sense-of-urgency environment, leverage best practices, and most importantly, innovate through any problem with a can-do attitude.
  • Must have understanding of various systems technologies, architecture fundamentals, next-generation technology and very strong security understanding
  • Proven communication skills, the ability present information clearly and concisely to all levels of management both formally and informally/li>
  • Familiarity with OWASP top 10 vulnerabilities, mitigations and their impact on application architecture
Preferred Qualifications:
  • Experience in deploying and maintaining security controls within various public cloud environments (AWS, Azure, Google)
  • A history of uncovering, exploiting, and remediating application and system security flaws
  • A deep understanding of coding and scripting languages such as .NET, Python and PHP, and the ability to easily switch between a variety of languages quickly
  • Knowledge of and experience with manipulating protocols and libraries in order to compromise the security of a set of systems or code
  • Working knowledge of code versioning tools like Git and continuous delivery tools like Jenkins
  • Experience with application security testing including SAST, DAST and SCA
  • Experience managing and maintaining an enterprise bug bounty program
  • Experience performing internal architecture and engineering related assessments/reviews
  • Experience working cross functionally with multiple teams to achieve goals
  • Understand information security concepts, protocols, and industry best practices
Additional Qualifications:
  • Hands on experience in both using and securing both Linux and Windows based systems and containers./li>
  • Hands on experience with Docker or other container solutions
  • Familiarity with different styles of source control and CI/CD pipeline
  • Experience with database technologies
  • Relevant security certifications (SANS/GIAC, CISSP, CSSLP, OCSP, etc.) are highly desirable
  • Proven risk assessment and mitigation skills
How to Apply:

Please submit your resume and cover letter to

We look forward to hearing from you! - Check us out!