Application Security Engineer

SUMMARY:
The Application Security Engineer is a critical part of the Twinspires Cyber Security program. In this role, the Application Security Engineer will interface directly with developers to ensure Twinspires web and mobile application vulnerabilities are prioritized and remediated correctly. This position will also be a key technical resource in administering and maintaining Twinspires suite of security testing tools, penetration testing Twinspires applications, and participating in third party assessments.
ESSENTIAL DUTIES AND RESPONSIBILITIES will include the following:

• Day to day operation, monitoring, and maintenance of Twinspires Application Security testing solution suite, including static code analysis, dynamic code analysis, mobile security testing, and software composition analysis.
• Serve as a resource to development teams on best practices for secure coding, security architecture, and vulnerability remediation.
• Evaluate new projects for potential Application Security vulnerabilities and collaborate with product and development teams on appropriate risk mitigations.
• Write automated scripting to aggregate data and metrics from security tools.
• Create documentation outlining Twinspires Application Security standards and practices.
• Provide evidence for and participate in third party assessments as needed.
• Manual penetration testing of Twinspires web and mobile offerings.
• Work with external development vendors to remediate vulnerabilities and design secure architectures.
• Other duties as assigned by Management.

REQUIREMENTS:

• Degree in in cyber security, information systems, computer since, or equivalent industry experience, program completion, or certifications.
• AWS Certified Cloud Practitioner or Solutions Architect Associate a plus.
• 2-3 years experience working in an information security program; Application Security related duties or projects a plus.
• Knowledge of the OWASP Top 10 Framework; Understanding of different web application vulnerabilities, their associated risks, and mitigation strategies.
• Python coding experience.
• Experience with security tools such as Sonarqube, Snyk, Invicti, NowSecure, Burp Suite, or equivalent.
• Foundational knowledge of Amazon Web Services (AWS).
• Ability to quickly learn complex systems, infrastructure services, and network-related technologies.
• Ability to work on multiple projects concurrently
• In-depth experience identifying and protecting against web application and web service security vulnerabilities including those found in the OWASP Top 10 and CWE Top 25
• Experience using web logs to identify threats
• Experience with the following technologies: Java, Java Spring, Spring Boot, Spring Data (JPA), Spring MVC, MySQL, WAF/CDN Akamai preferred, Cloud Platform AWS preferred
• Ability to obtain racing and/or gaming licenses as required in any jurisdictions where CDI operates. Gaming industry is highly regulated and as such demands an extensive background checks in order to obtain a license.