Esri, Inc.

Application Security Engineer

Job Category: Software Development/Engineering

Are you an experienced software developer who craves more variety in your work? In this role, you'll work with development teams to design and build secure solutions, participate in and coordinate penetration testing activities, and generally solve security challenges at massive scale. You will ensure that our services, applications, and websites are designed and implemented to the highest security standards. You will be responsible for analyzing the security of applications and services, discovering and addressing security issues, and quickly reacting to new threat scenarios. Bottom line, you love to write and read code, and you have a strong curiosity about exploring and testing software with unintended use cases and improving the ability of software to withstand attacks.


  • Read and understand (debug) code written by others in order to troubleshoot and determine a root cause
  • Provide significant secure coding contributions to multiple groups throughout Esri, including the software security team
  • Develop elegant solutions to complex business problems and apply appropriate technologies while following security engineering best practices
  • Foster constructive dialogue and seek resolution when confronted with discordant views
  • Participate fully in the planning of the software security team's work and constantly seek opportunities for process improvement
  • Become a sought-out security resource while having an understanding of the application of information security in a broad range of technical areas
  • Utilize a combination of troubleshooting, technical, and communication skills to handle a mix of disparate tasks which may include project and software development work
  • Perform application security reviews and penetration testing as well as project/research work as needed
  • Lead security training and outreach to internal development teams
  • Provide security guidance documentation and security tool development; facilitate delivery and improvement of security metrics


  • Minimum of two years of experience with any combination of the following: threat modeling, secure coding, identity management and authentication, software development, cryptography, system administration, and network security
  • Possess self-drive to keep moving things forward even in the face of ambiguity and imperfect knowledge (avoid “analysis paralysis”)
  • Intermediate knowledge and understanding of security engineering, system and network security, authentication and security protocols, cryptography, or application security
  • Knowledge of relational databases such as SQL Server, Oracle, PostgreSQL, or DB2
  • Experience with various platform architectures including server, desktop, mobile, Linux, and Windows
  • Experience developing middleware software components using core Java, Servlets, JSP, EJBs
  • Proficient with development frameworks and languages (e.g., Java, C/C++, .NET, C#, Python, Perl, Objective-C, Swift) and in writing secure code
  • Experience developing code in a popular Java IDE, i.e. Eclipse/IntelliJ IDEA
  • Fundamental understanding of web services including SOAP and REST
  • Bachelor's in computer science or related field, or equivalent work experience

Recommended Qualifications: 

  • Good understanding of cloud computing platforms and services such as Amazon S3, SQS, EC2 and Azure services such as Blob Service, Table Service, etc.
  • Knowledge of common application security and code analysis tools (e.g., Fortify, Coverity, AppScan, WebInspect, Veracode, Acunetix)
  • Extensive knowledge of the OWASP Top 10 and CWE Top 25
  • Experience implementing security solutions at the business division level
  • Experience exploiting web and web services security vulnerabilities including cross-site scripting, CSRF, SQL injection, XML/SOAP and API attacks
  • An understanding of network and web-related protocols such as TCP/IP, UDP, IPsec, HTTP, HTTPS, and routing
  • Information security certifications (GPEN, OSCP, OSCE, OSWE, CEH, SSCP)


The Company

Our passion for improving quality of life through geography is at the heart of everything we do. Esri’s geographic information system (GIS) technology inspires and enables governments, universities, and businesses worldwide to save money, lives, and our environment through a deeper understanding of the changing world around them.


Carefully managed growth and zero debt give Esri stability that is uncommon in today's volatile business world. Privately held, we offer exceptional benefits, competitive salaries, 401(k) and profit-sharing programs, opportunities for personal and professional growth, and much more.


Esri is an equal opportunity employer (EOE) and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status, or any other characteristic protected by law.