Address
Form of workJob Description
Application Security Engineer
Position Overview
*Notes on this position:
- The position is targeted for someone with around 5 years or more of experience in Application Security
- Areas of focus for this role:
- Attestation with SaaS or OTS applications in which the person will review the product documentation in regard to their security posture (SOC 2) and analyze if their controls are acceptable to Company standards (Experience in SOC 2 compliance and in interpreting vendor SOC 2 information)
- Aide teams in fixing vulnerabilities
- Review and maintain the evidence repository
- Update the dashboard with current status of each teams' platforms against security controls
- Required skills and experience listed below must be in the experience of all candidates submitted.
Position Overview
Responsible for participating in Application Security assessments and remediation activities while working closely with application development teams ensuring the teams adhere to the secure software development lifecycle (SSDLC) framework. This involves gaining knowledge of the business processes involving network, architecture, relationship between systems, and systems flow of end-to-end designs with an Application Security focus.
Responsibilities
- Configures Application Security static and dynamic scanning
- Interprets dynamic and static security scan results and ensures proper technology risk considerations are addressed for the secure software development life cycle (SSDLC)
- Evangelizes Application Security program fundamentals, tools, processes among delivery teams
- Coordinates testing activities including traditional penetration testing as well as developing automated security QA testing
- Participates in threat modeling, code reviews, and design reviews for security/privacy.
- Provides consultations and guides development teams toward best practices across all stages of the SSDLC process
- Automates and integrates security into development processes and CI/CD pipelines
- Interprets corporate security guidelines to cloud adoption framework
- Creates “detective” reporting using automation techniques
- Perform other duties as assigned.
Requirements
Requirements
- 2+ years' experience in information systems security.
- Knowledge of OWASP Top Ten Application Security assessments and code reviews
- Knowledge of security testing tools such as Burp Suite or Zed Attack Proxy.
- Working knowledge of SAML, OAuth, Kerberos, Okta (or equivalent software) and secure software development lifecycle SSDLC methodology
- Experience in SOC 2 compliance and in interpreting vendor SOC 2 information.
- Outstanding communication, analytical skills and ability to function in a globally diverse work environment with communication among many teams.
- 5+ years' experience in information systems security.
- Experience in languages like JavaScript, Groovy, Python/Shell/AWK a plus.
- Experience in GDPR compliance, NIST 800-53 security controls
- 1 + years of experience with public and hybrid cloud environments.
- The following certifications are not mandatory but considered an asset: GIAC Web Application Penetration Tester (GWAPT), Offensive Security Certified Professional (OSCP), GIAC Penetration Tester (GPEN), Certified Ethical Hacker (CEH), GIAC Web Application Defender (GWEB)
- Microsoft Office Suite (Word, Excel, PowerPoint, SharePoint etc.) experience preferred
