Application Security Engineer

Remote US

As an Application Security Engineer, you will work closely with members of the CIO, Information Security and Product Development teams with the goal of helping to identify, mitigate and remediate security risks throughout the application portfolio. The right candidate is a self-starter with excellent development skills to perform duties such as, but not limited to, research and development of secure coding methodologies, providing experienced guidance pertaining to secure application development design and testing.

Key Responsibilities:

- With Information Security, implement a Secure Development Life Cycle Policy
- Perform risk-based, technical assessments of applications, using both dynamic and static scanning tools, produce reports, and work with development teams to ensure vulnerabilities are remediated within agreed SLAs
- Enable development teams to automate and effectively employ application security tools, such as static application security testing (SAST), dynamic application security testing (DAST), and source component analysis/dependency analysis
- Guide development teams on application and system level security and privacy architecture to meet company and regulatory requirements
- Develop a formal Application Security Verification Standard
- Ensure quality web application security audits to ensure internal and industry standards, procedures, and methodologies are being followed
- Consult with other IT teams as required on application security practices, questions about vulnerabilities, and identify remediation approaches
- Assist with the creation of training materials to educate developers and other stakeholders about key application security concepts
- Perform routine monitoring and audits of systems
- Lead the Application Risk Assessment program and conduct application risk assessments
- Maintain and update policies and procedures for Application Risk Assessment program based on HITRUST Security Framework
- Collaborate on critical IT managers to ensure that application security issues are addressed throughout the manager life cycle
- Follow detailed operational procedures to appropriately analyze, escalate, and assist in remediation of application security incidents
- Participate in the execution of application security audits
- Keep up-to-date with industry changes by attending training, understanding emerging security practices and standards; participating in educational opportunities; reading professional publications; maintaining personal networks; participating in professional organizations

Minimum Qualifications:

- Bachelor’s degree in Computer Science, Information Security/Cyber Security or equivalent
- 3+ years previous experience in information security
- 5+ years experience working within software development
- Firm understanding of enterprise class application architectures that are highly scalable and reliable and the ability to secure them
- Experience of security architecture and design reviews
- Ability to effectively work as part of a cohesive and agile team
- Excellent problem-solving skills required
- Self-starter with the ability to work with minimal supervision
- Detailed, control oriented, and thorough professional communication skills (written, verbal) in English and be able to work with both highly technical and non-technical individuals

Preferred Qualifications:

- In-depth knowledge of web application vulnerabilities and exploitation techniques, SDLC, and identity and access management
- Experience in application and infrastructure security practices and standards (such as OWASP, CIS, SDLC)
- Web application development experience in Java, Python and Go
- Experience reviewing code for vulnerabilities in Java, Python, Go, JavaScript/jQuery
- Knowledge of white hat hacker tools such as Fiddler, Paros, Burp, Sqlmap, Nikto, Nmap, Wireshark and source code analyzers
- Familiarity in application security scanning technologies (Veracode, AppScan) such as static application security testing (SAST), dynamic application security testing (DAST), single sign-on, and encryption
- Familiarity with cloud-based (e.g., AWS, Oracle) application development services and tools
- Familiarity with security and privacy compliance requirements, such as HIPAA, PCI, GDPR, and California CCPA
- Understanding of Single Sign-on technologies and SAML
- Excellent problem-solving skills required
- Self-starter with the ability to work with minimal supervision
- Detailed, control oriented, and thorough professional communication skills (written, verbal) in English and be able to work with both highly technical and non-technical individuals

If interested please email your resume to ssingh@infotechsourcing.com.
