Application Security Engineer

05 Dec 2024

Vacancy expired!

What you’ll do:
  • Audit and support Application Services project delivery teams to ensure they are leveraging best practices and building an appropriate level of security into customer software.
  • Assess and test software and systems for potential vulnerabilities and communicate findings to teams and customers.
  • Build threat models and control catalogs for software teams; stay current on emerging threats.
  • Support enterprise security goals including PCI compliance and other privacy requirements.
  • Develop test plans, automation, and processes to validate that application security controls and features are correct and complete; audit controls and identify areas for improvement.
  • Select, deploy, and configure tools for security testing of applications and systems.
  • Capture and communicate security metrics for environments, systems, and applications.
  • Compile, maintain, and document a collection of software that can trace the source of, and otherwise investigate, attacks on the systems.
  • Act as a technical resource on information security incident investigations and forensic technical analyses.
  • Act as technical liaison between Information Security and application development teams, including guiding teams towards strong application security practices and remediating known risks.
  • Develop and support integration and automation within security, monitoring, reporting, and ticketing platforms.
  • Review and analyze existing processes and suggest improvements for increased security and efficiency.
  • Serve as an active member of the incident response team and participate in security incident response efforts, drawing on in-depth knowledge of security systems, common security exploits, vulnerabilities, and countermeasures.

Who you are:
  • Bachelor’s degree in Computer Science, Cybersecurity or a related field, or minimum of 5 years' experience in a related role or field.
  • Strong technical background and understanding of systems architecture and infrastructure, information security, and automation tools e.g., Terraform, Chef, Puppet, Ansible, Maven.
  • Strong understanding of Agile SDLC and DevSecOps concepts and practices.
  • Familiarity with web application frameworks, API technologies, and microservices.
  • Experience in one or more object-oriented programming languages.
  • Experience in one or more vulnerability management platforms e.g., Tenable Security Center or Qualys.
  • Experience in one or more scripting languages (Bash, Python, PowerShell, etc.).
  • Experience applying security standards/guidelines (such as OWASP, CIS, etc.).
  • Strong understanding of Linux and Windows administration.
  • Strong understanding of Azure and Amazon Web Services.
  • Strong understanding of fundamental TCP/IP and related network services (e.g. DNS, NTP, SNMP, SMTP, etc.) and network security design concepts.
  • Experience in 2 or more application security domains (e.g., Secure Coding, Cryptography, Penetration Testing, Vulnerability Assessment, Static and Dynamic Application Security Testing, etc.).
  • Integration-level knowledge of API Security Architecture and technologies such as OAuth2, Spring Security, HMAC, WS-Security, WS-Trust, or XACML.
  • Ability to solve complex problems and communicate risks and technical concepts to both technical and non-technical audiences.
  • Excellent verbal and written communication skills.
  • Ability to context-switch between multiple projects, codebases, and concepts with ease.
  • Certified Application Security Engineer (CASE) or Certified Ethical Hacker (CEH) certification.

  • ID: #23904407
  • State: Arizona Scottsdale 85250 Scottsdale USA
  • City: Scottsdale
  • Salary: $100,000 - $125,000
  • Job type: Permanent
  • Showed: 2021-12-05
  • Deadline: 2022-01-30
  • Category: Systems/networking