Senior Application Security Engineer

28 Mar 2024

Vacancy expired!

6-12+ Month Contract

Location - Remote (must be located in Illinois)

Our client is looking to add a Senior Application Security Analyst Consultant who will work closely with Application Development, Quality Assurance, Technical Services, and business teams to ensure our solutions are highly secure. You will leverage your advanced application security knowledge when leading security review sessions, participating in design sessions, defining functional requirements, and developing testing scenarios. You will ensure that risks are identified, and partner with the Application Development teams to ensure mitigation plans are developed and executed. You will embrace and recommend secure development practices to reduce design flaws which could lead to exploitation. Additionally, as a member of the Cybersecurity team you will collaborate with team members on broader information security program maturity efforts, strategic thinking, and other security-related initiatives.

RESPONSIBILITIES:
  • Responsible for application security standards, assessments, and code review as part of the software development lifecycle
  • Collaborate with teams to perform internal and 3rd-party vulnerability and penetration testing
  • Coordinate with QA testers and developers to conduct repetitive validation testing throughout the development lifecycle
  • Leverage technical application testing capabilities to qualify findings and provide more specific remediation recommendations for resolution while reducing false positives
  • Focus on automation to aid in efficiencies with testing and remediation of security findings
  • Leverage the security community to understand any public-facing security issues and remediations, as well as to learn new tactics that can be used in testing
  • Participate in application efforts and change management processes to understand upcoming activities and provide thought leadership to ensure security processes are in place
  • Drive security awareness and evaluation earlier in the development lifecycle
  • Develop and leverage a technical security review process to ensure automated and repeatable processes are managed
  • Utilize security standards and implementation configurations, and common security frameworks
  • Align with architects and development teams for a mission of secure design
  • Actively participate in and lead security team meetings that facilitate secure design
  • Address service and escalation tickets within SLA expectations
  • Develop security test plans from architectural design; identify deficiencies and make enhancements to ensure production is not impacted
  • Work with Infrastructure and Cybersecurity teams to conduct performance testing to understand potential impacts on business innovation and day-to-day processes
  • Obtain and review all required artifacts as part of go/no go analyses at security checkpoint phases in the development cycle
  • Leverage secure coding standards that are based on industry-accepted best practices, such as OWASP Guide and SANS - CIS Critical Security Controls
  • Perform security activities, including security design reviews, threat modeling, and code auditing on internally and externally developed software
  • Assist with periodic security risk assessments, IT security audits, and management reporting
  • Educate, assess, design, implement, automate, and document security solutions and processes for Amazon Web Services (AWS), Microsoft Azure, and other SaaS applications and cloud platforms
  • Log and update all security incidents in the company’s ticketing system and update management regularly on the threats, mitigation plans, and status
QUALIFICATIONS:
  • BA/BS in Cybersecurity, Information Technology, computer science, or related field, or professional experience related to application design, development, and cloud architecture
  • Minimum 7 years’ experience with most or all of the following - Cybersecurity, Security Operations, Application Security, Q/A testing, commonly used programming tools, workflows, and concepts
  • DAST/SAST/IAST solution evaluation, selection, implementation, operational use
  • Microsoft Azure and Dynamics 365 roles, permissions definition, and provisioning
  • Microsoft Office 365 Suite, including Word, Excel, PowerPoint, Visio, Outlook, Teams
  • Experience with Agile and DevOps development principles and processes
  • Understanding of all phases of product, software, and testing lifecycles
  • Clear and concise verbal and written communication skills
  • Excellent presentation skills
  • Ability to flow smoothly between strategic planning and tactical execution
  • .NET development or support experience highly preferred
PREFERRED QUALIFICATIONS:
  • 3+ years of experience in healthcare, finance, or benefits administration
  • Proficiency with a wide range of security tools such as Kali Linux, Microsoft Threat Modeling tools, Metasploit, Whitesource, other IAST/SAST/DAST tools
  • Hands-on experience with Azure DevOps, GitLab or other DevOps management solutions
  • Knowledgeable in SDLC, Agile and/or Waterfall methodologies
  • Knowledge of threat modeling and countermeasures
  • Experience with conducting Security Code Reviews
  • General knowledge of databases, applications, system interfaces, and operating systems
  • Understanding of relational databases, structures, and design
  • Moderate SQL knowledge
  • Java development or support experience
  • Experience with forensics and vulnerability management systems
  • Industry education and/or certifications are preferred

  • ID: #49572958
  • State: Illinois Rosemont 60018 Rosemont USA
  • City: Rosemont
  • Salary: Depends on Experience
  • Job type: Contract
  • Showed: 2023-03-28
  • Deadline: 2023-05-26
  • Category: Et cetera