Senior Application Security Engineer

Does your passion make you seek for a fast-paced and dynamic working environment?

You just might be who we’re looking for - awesomeness to add to our already amazing Qmunity!

More than just a company of Customer Service Champions, Quantrics is now a leading Digital Services and IT/Software Solutions Provider.

With us, you will get to grow your professional career, work with our award-winning IT Dev Team, and gain fulfillment from significantly contributing to the global digital landscape.

Enjoy the following benefits: 

• Hybrid Set Up in any of our site (Taytay, San Mateo, Naga, or in our upcoming Ortigas site)
• Too far? We provide relocation assistance. (Terms and condition apply)
• Salary is based on experience, starting at PHP 100,000
• HMO upon day 1 + 2 dependents free up to 75 y/o
• 6 months paid maternity/paternity leave 
• Pay per performance, bonuses and so much more!  

• Perform in-depth penetration tests of web applications and APIs.
• Conduct manual and automated security assessments and source code reviews of web applications to identify vulnerabilities and weaknesses.
• Apply advanced skills, knowledge and experience to bypass existing security measures
• Contribute to the development, adoption, and enforcement of application security standards, controls.
• Participate in threat modeling and secure source code reviews 
• Actively participate and lead secure architectural design sessions.
• Track security vulnerabilities and work with development teams to remediate open issues within agreed-upon timeframes.

• 3+ years of hands-on, in-depth experience in application penetration testing in support of product development and enterprise goals.
• Experience with web and API attack and mitigation methods, security assessments and penetration testing.
• Knowledge of open security standards such as OWASP Top 10, OWASP ASVS, SANS Top 25, CWE, NIST
• Security testing tools including OWASP Zed Attack Proxy, Burp Suite, Postman.
• Solid understanding of common web application technologies, languages, and frameworks.
• In-depth knowledge of common software vulnerabilities and a strong understanding of methods to identify and remediate vulnerabilities.
• Web application firewall (WAF)
• SAST, DAST and IAST tools
• Programming experience in .NET, C# and Java
• Experience with Web Services such as JSON, XML and REST Technologies 
• Experience in advocating security best practices for third party integrations (e.g. Cloud solutions, third-party libraries, etc.).
• Knowledge of secure coding principles and best practices for web applications

#LI-JD1