At Remotebase, we're more than just a job search platform – we're a thriving remote work community that bridges the gap between top tech talent and leading clients. Join us and become part of our journey towards success!We're seeking a skilled and passionate SAST Focused AppSec Engineer to join our dynamic team. In this role, you will play a crucial part in ensuring the security and integrity of our software applications. If you're excited about code reviews, vulnerability detection, and crafting secure software, this opportunity is perfect for you. ResponsibilitiesAs a SAST Focused AppSec Engineer, you will:

• Assist in enhancing client's Semgrep rules to effectively detect vulnerabilities and reduce false positive matches
• Develop new Semgrep rules tailored to identify vulnerabilities specific to various web frameworks
• Create both positive and negative test cases to validate the accuracy and effectiveness of Semgrep rules
• Write clear and formal descriptions of identified vulnerabilities, along with actionable remediation steps

Requirements

• Experience in conducting security code reviews across a range of programming languages, including Python, Java, Go, C#, JavaScript, and C/C++
• Software engineering experience (outside of security)
• Proficiency in working with different web frameworks and understanding their security implications
• The ability to identify and categorize vulnerabilities and vulnerability classes that are specific to different programming languages
• Previous hands-on experience with Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) tools
• A solid understanding of sources, sinks, and sanitizers in the context of SAST
• Familiarity with concepts like Common Vulnerabilities and Exposures (CVE), Common Weakness Enumeration (CWE), and Common Vulnerability Scoring System (CVSS)
• The capability to mentally trace data and control flow when analyzing applications for vulnerabilities
• Experience level desired would be 3-6 years.

A Plus:The following qualifications would be a plus:

• Prior experience in creating SAST rules, especially for tools like Semgrep or other SAST solutions
• A background in software development, enabling you to comprehend and produce secure code
• Direct involvement in SAST tool development, demonstrating your hands-on expertise
• Proficiency in program analysis techniques

Benefits

• Competitive compensation package
• Flexible remote work options
• Opportunities for learning and professional growth
• Collaborative and innovative work environment

If you're passionate about software security, excited to uncover vulnerabilities, and dedicated to enhancing application safety, we invite you to apply for our SAST Focused AppSec Engineer role. Join us in our mission to create secure, reliable, and resilient software solutions.