Application Security Engineer

Quest Global is an organization at the forefront of innovation and one of the world’s fastest growing engineering services firms with deep domain knowledge and recognized expertise in the top OEMs across seven industries. We are a twenty-five-year-old company on a journey to becoming a centenary one, driven by aspiration, hunger and humility. We are looking for humble geniuses, who believe that engineering has the potential to make the impossible, possible; innovators, who are not only inspired by technology and innovation, but also perpetually driven to design, develop, and test as a trusted partner for Fortune 500 customers. As a team of remarkably diverse engineers, we recognize that what we are really engineering is a brighter future for us all. If you want to contribute to meaningful work and be part of an organization that truly believes when you win, we all win, and when you fail, we all learn, then we’re eager to hear from you. The achievers and courageous challenge-crushers we seek, have the following characteristics and skills:  We are looking for a hands-on, dynamic, and enthusiastic application security engineer to help drive our application security efforts. This is an exciting opportunity to join our application security efforts related to the development of various projects in IoT, Intralogistics, Control, Cloud, and Edge systems that aim to transform the industry.The application security engineer is an important member of the KION Supply Chain Solutions (SCS) Global Software R&D team. This role is hands-on application security that applies expertise in application security and knowledge of security best practices to the development of existing and future products. The application security engineer not only demonstrates the skills and knowledge of a seasoned hands-on security professional but also participates in efforts to enhance application security and development practices of product teams.Additional Job DescriptionThis is What You Will do in This Role / Key Responsibilities• Design, develop, and maintain automated security processes and tools to streamline security testing and monitoring within our software development pipelines.• Apply coding and testing standards, apply security testing tools including SAST/DAST scanning tools, and conduct code reviews. Apply Secure Software Development Lifecycle (SSLDC) methodologies across organization.• Identify basic common coding flaws at a high level. Perform penetration testing and integrated quality assurance testing for security functionality and resiliency attack as required for new or updated applications.• Perform risk analysis (, threat, vulnerability, and probability of occurrence) whenever an application or system undergoes a major change.• Direct the remediation of security findings and vulnerability prioritization, with development teams, encountered during testing and implementation of new systems or changes to existing systems.• Capture security controls used during the requirements phase to integrate security within the process, to identify key security objectives, and to maximize software security while minimizing disruption to plans and schedules.What We are Looking For / Qualifications• 5+ years of SAST/DAST scanning experience or 4+ years of penetration testing experience or 5 years of application security experience.• Experience with security tools such as Qualys, Nessus, SonarQube, Veracode, Burp Suite, Nexpose, Snort, or Metasploit• knowledge of security architecture, system, and network security• Strong experience and in-depth knowledge of security standards and best practices (OWASP, SANS 25, etc.) as it relates to cloud, web, and mobile applications• Experience in analyzing security of Java applications or cloud-based applications.• Ability to read and write one or more common programming languages such as Java, JavaScript, C/C++, Python, including 2+ years of hands-on programming or scriptwriting, including 2+ years of working with cloud applications• Strong Knowledge of Linux and Windows OS• Experience with cloud computing platforms (, AWS, Azure, GCP) and containerization technologies (, Docker, Kubernetes).Preferred• CISSP, CEH, OSCP, CompTIA Pen Test+, or GPEN• BS in Comp Science