Job description
The Global Software R&D Organization is responsible for delivering innovative software products to support a wide range of intralogistics, material handling, and management solutions. These products play a major role in powering the logistics operations of enterprises in a wide range of industries worldwide including eCommerce activities.
We are looking for a hands-on, dynamic, and enthusiastic application security engineer to help drive our application security efforts. This is an exciting opportunity to join our application security efforts related to the development of various projects in IoT, Intralogistics, Control, Cloud, and Edge systems that aim to transform the industry.
The application security engineer is an important member of the Software R&D team. This is a hands-on role that applies expertise in application security and knowledge of security best practices to the development of existing and future products. The application security engineer not only demonstrates the skills and knowledge of a seasoned hands-on security professional but also participates in efforts to enhance the application security and development practices of product teams.
What we offer:
- Career Development
- Competitive Compensation and Benefits
- Pay Transparency
- Global Opportunities
Dematic provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state, or local laws.
This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation, and training.
The base pay range for this role is estimated to be $53,000-113,000 at the time of posting. Final compensation will be determined by various factors such as work location, education, experience, knowledge, and skills.
Tasks and Qualifications:
This is What You Will do in This Role:
Support overall SSDLC activities to incorporate effective security for all product development (i.e. Security by Design and Security by Default.)
Perform/arrange for static, dynamic, and penetration tests for development projects; work with project teams to evaluate the risk exposure of the findings; drive the effective design, prioritization, and implementation of remediating controls in collaboration with development teams.
Develop, validate, and maintain an incident response plan and processes to address potential threats.
Stay abreast of application security best practices, technology trends, tools, and frameworks.
Hands-on experience of application security scanning tools and how to manage vulnerability findings: SAST, DAST, SCA
Experience reviewing architecture design documents for security input.
Must have experience with agile methodologies.
Perform manual and automated security penetration testing of the web application, APIs and system.
Provide vulnerability prioritization and guidance on remediation.
What We are Looking For:
BS in Computer Science or related field; MS in Computer Science or related field, with information security specialization, preferred.
3+ years of technical experience in application security
2+ years of manual penetration testing experience
2+ years of automated vulnerability scanning testing.
Ability to interpret dynamic/static analysis tools and penetration test results.
Experience in identifying and remediating Java applications
Experience in identifying and remediating cloud-based applications
Knowledge of application security aspects of industrial control networks is a plus
Firm grasp of concepts and technology across all technology areas to be able to spot gaps and develop appropriate controls.
Strong foundation and in-depth technical knowledge of security engineering, computer and network security, authentication, and security controls.
Strong experience and in-depth knowledge of security standards and best practices (OWASP, SANS 25, etc.) as they relate to cloud, web, and mobile applications.
Ability to read and write one or more common programming languages such as Java, JavaScript, C/C++, and Python, including 2+ years of hands-on programming or script writing including 2+ years of working with cloud applications.
Strong knowledge of core information security principles and concepts (including TLS, secure HTTP and MQTT, OAuth/OAuth2) including virtualization technologies
Experience with security tools such as Snort, Nessus, Metasploit, Burp Suite, Nexpose, Veracode, Qualys, and Core Impact
Hands-on experience securing cloud applications in GCP, AWS, and Azure cloud environments.
Strong knowledge of security architecture, system, and network security
Security certification CISSP, OSCP, CEH, or equivalent. Certifications related to cloud development/security are highly desirable.
Some positions in the U.S. may require vaccination against COVID-19. Where legally permitted or required, offers for such roles are contingent on the candidate providing proof of full vaccination against COVID-19 (currently one dose of the Johnson & Johnson vaccine or two doses of the Pfizer or Moderna vaccine). Candidates with medical issues or religious beliefs or practices that prevent them from getting the vaccine may request an exemption from the vaccine requirement.