Vacancy expired!
Location: Chicago is the preferred location, the team sits in Chicago office
Reports into Director of Application Security
Job Spec:
Title: Application Security Engineer
Location: Chicago, New York

Overview:
Application Security is responsible for building out and maintaining the application security program that includes application security testing, penetration testing, application security standards, developer training, and application security vulnerability management. The group is part of the wider Technology Risk Group.

We are seeking a highly motivated and detail-oriented application security engineer to join our team in Chicago or New York. In this role, you will be responsible for ensuring the security of our software and systems through a variety of tasks, including conducting security assessments, writing and reviewing code, and responding to security incidents and threats. Application security engineers are constantly assessing applications for weaknesses and finding resolutions before they can be abused. You will work closely with development and IT teams to identify and address security vulnerabilities and implement security controls, policies, and procedures.

Responsibilities:
- Conduct security assessments to identify vulnerabilities in software and systems
- Write and review code to ensure it follows secure coding practices
- Analyze security vulnerabilities to identify appropriate mitigation and remediation actions
- Collaborate with development teams to incorporate security best practices into the software development life cycle
- Aid with secure coding training program for developers and the implementation of a new security champion program
- Perform administrative maintenance for DAST and secure coding training tools
- Work with the cloud platform teams to implement SAST and DAST tools into the service lifecycle
- Help with the expansion of the use of the SCA tool to identify vulnerabilities in open-source components in COMPANY's applications
- Assist with executing the application security vulnerability management processes, including utilizing automation to reduce human workload
- Analyze and respond to security incidents and threats
- Participate in the design and implementation of security controls, policies, and procedures
- Research and stay up-to-date on the latest security trends and technologies
- Use security standards and implementation configurations, as well as common security frameworks
- Align with architects and development teams for a mission of secure design
- Train developers and junior application security engineers on weaknesses to avoid
- Respond to and handle service tickets within SLA expectations
- Develop security test plans
- Identify deficiencies and make enhancements to ensure production is not impacted
- Drive security efficiencies, enabling security team members to work on more advanced tasks

Required:
- Bachelor's degree in Computer Science, Information Technology, or a related field
- 2-4 years of experience in application security or a related field
- Strong understanding of computer science and security principles
- Proficiency in software development (Java, Python, JavaScript, etc.)
- Understanding of network and web protocols
- Experience in communicating business risk of cybersecurity issues
- Understanding of how continuous integration and continuous deployment (CI/CD) processes work and experience working with different CI/CD tools (Bamboo, Jenkins, Azure DevOps, AWS CodeDeploy)
- Experience working with different version control software (Git, Subversion) and experience working with different source code management tools (GitHub, Bitbucket)
- Excellent problem-solving and communication skills
- Experience with security of intra-company and third-party APIs
- Experience with static and dynamic application security testing tools
- Experience with applications hosted in Amazon Web Services (AWS)
- Experience with SAST, DAST, and SCA tools and analyzing the results from the tools to help development teams prioritize the vulnerabilities
- Experience with evaluating open-source libraries for security risk
- Experience in application security vulnerability management
- Experience in managing developer training and security champion programs

Desirable:
- Master's degree in cybersecurity or related field of study
- Experience with applications hosted in Microsoft Azure
- Experience with cryptography controls and measures to secure applications and data
- Experience with various types of .NET applications
- DevOps background in public and private clouds
- Experience in writing application security documentation (policies, standards, procedures, etc.)
- Certifications: GWAPT, GCSA, GWEB, CISSP, CEH, CSSLP, CASE, etc.
- Intellectual curiosity: demonstrates a thirst to understand current application security risks in the industry and how to protect against them
- Thinks analytically: applies methodologies appropriately and insightfully in reaching structured decisions
- Team work: able to work collaboratively as part of a multi-cultural and multi-location team
- Self-starter: able to work independently where required
- Can cope with time pressure and deadlines
- Pays close attention to detail
- Communicates effectively
- Project management mindset in carrying out initiatives

The role may require occasional travel.

Note: Any pay ranges displayed are estimations. Actual pay is determined by an applicant's experience, technical expertise, and other qualifications as listed in the job description. All qualified applicants are welcome to apply.

Yoh, a Day & Zimmermann company, is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.

Visit