SANS ISC: InfoSec Jobs

Location: Remote in United States
Preferred GIAC Certifications: GPEN, GWAPT, GCPN, GDAT
Travel: 0%
Salary: Open for discussion
Contact Name: JAYA
Contact Email: 100000/at/
Expires: 2021-12-12

Job Description



Cofense is looking for an Application Security Engineer III to help design, build, test, and deploy secure software. You will be a hands-on contributor to the security of Cofense products and become a leader and subject matter expert in Cofense product security. The Application Security Engineer III is responsible for assisting the Development, Production Engineering, and Security Operations teams with application-level security assessment and threat mitigation.

Who you are:

Someone who enjoys tinkering and figuring out how things work
Someone who loves programming and software development
Someone who’s passionate about security and helping to ensure a secure SDLC
A team player who can work collaboratively with software teams
Able to think creatively to solve challenging problems
Able to think like an attacker and identify threats
Able to find the signal in the noise of security tool reports
Comfortable configuring security tooling in CI/CD pipelines

Who we are:

Cofense is a leader in phishing attack prevention and detection. We combine a global network of 30 million people reporting phish with advanced AI-based automation to stop phishing attacks fast, and we are trusted by over half of the Fortune 500.

You Can Expect:

Within 30 days:

To have a working development environment and be able to debug and contribute to products
To start attending a software team's standup and getting involved in their product development
To build a working relationship with a software team
To help triage, interpret, and address security tooling reports
To wire security tooling into CI/CD pipelines
To participate in a monthly security champion meeting

Within 90 days:

To conduct internal pentesting of a product
To become the point of contact on a product's security
To perform security testing and security readiness evaluation of a product release

Within 180 days:

To be working with multiple software teams
To participate in secure architecture review / design discussions
To be helping to build and refine the overall Application Security Program

Help software engineers interpret and act on security reports
Security review of products, technologies, and services
Secure design, architecture, and implementation
Secure development life-cycle (SDLC) practices including threat modeling and security testing
Conduct application penetration testing
Create security-focused guides and documentation
Develop security tools and automation
Develop and deliver security training

The above statements are neither intended to be an all-inclusive list of the duties and responsibilities of the job described, nor are they intended to be a listing of all of the skills and abilities required to do the job. Rather, they are intended only to describe the general nature of the job. This job description is not a contract of employment, either express or implied. Employment with Cofense will be voluntarily entered into and your employment is considered at will. Cofense reserves the right to alter the job description at any time without notice.


Solid understanding of the OWASP Top 10 and common security flaws.
Experience with SAST / DAST analysis
Intermediate to advanced programming experience in at least one programming language. Java is preferred.
Experience working with software developers.
Excellent communication skills (written and verbal) with an ability to articulate complex topics in a clear and concise manner.
Experience identifying security issues in code review and through manual penetration testing.
Experience conducting security reviews and threat modeling.

Cofense is committed to equal employment opportunity. We will not discriminate against employees or applicants for employment on any legally recognized basis [protected class] including, but not limited to: veteran status, uniform service member status, race, color, religion, sex (including pregnancy), gender identity, sexual orientation, national origin, age, physical or mental disability, marital status, genetic information or any other status or characteristic protected by applicable national, federal, state or local laws and ordinances. We adhere to these commitments in all aspects of employment, including recruitment, hiring, training, compensation, promotion, benefits, and discipline.

Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities

The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor’s legal duty to furnish information. 41 CFR 60-1.35(c)