Application Security Engineer

I have a full time opportunity for an Application Security Engineer for one of our financial services clients in Chicago. Please see the job description below and let me know if you are interested. If you have any questions, please let me know. You will be responsible for ensuring the security of our software and systems through a variety of tasks, including conducting security assessments, writing and reviewing code, and responding to security incidents and threats.

• Conduct security assessments to identify vulnerabilities in software and systems
• Write and review code to ensure it follows secure coding practices
• Analyze security vulnerabilities to identify appropriate mitigation and remediation actions
• Collaborate with development teams to incorporate security best practices into the software development life cycle
• Aid with secure coding training program for developers and the implementation of a new security champion program
• Perform administrative maintenance for secure coding training tools
• Work with the cloud platform teams to implement various tools into the service lifecycle
• Help with the expansion of the use of the tools to identify vulnerabilities in opensource components in our applications.
• Assist with executing the application security vulnerability management processes, including utilizing automation to reduce human workload
• Analyze and respond to security incidents and threats
• Participate in the design and implementation of security controls, policies, and procedures
• Research and stay up-to-date on the latest security trends and technologies
• Use security standards and implementation configurations, as well as common security frameworks
• Align with architects and development teams for a mission of secure design.
• Train developers and junior application security engineers on weaknesses to avoid
• Respond to and handle service tickets within SLA expectations.
• Develop security test plans. Identify deficiencies and make enhancements to ensure production is not impacted
• Drive security efficiencies, enabling security team members to work on more advanced tasks

• 2-4 years solid experience in application security or a related field
• Strong understanding of computer science and security principles
• Proficiency in software development (Java, Python, JavaScript, etc.)
• Understanding of network and web protocols
• Experience in communicating business risk of cybersecurity issues
• Understanding of how continuous integration and continuous deployment (CI/CD) processes work and experience working with different CI/CD tools (Bamboo, Jenkins, Azure Devops, AWS Code Deploy)
• Experience working with different version control software (Git, Subversion) and experience working with different source code management tools (GitHub, Bitbucket)
• Excellent problem-solving and communication skills
• Experience with security of intra-company and third-party APIs
• Experience with static and dynamic application security testing tools
• Experience with applications hosted in Amazon Web Services (AWS)
• Experience with evaluating opensource libraries for security risk
• Experience in application security vulnerability management
• Experience in managing developer training and security champion programs