Vacancy expired!
- Looking for an Application Security Engineer to provide application security testing services to ensure consistent secure software development practices.
- Their focus is on building a DevSecOps culture, working closely with their product and software development teams.
- In this role, you will serve as an expert by defining, supporting, and managing solutions that partner with cloud operations and application development teams to deliver business value for our client.
- Support continuous delivery of application vulnerability scanning, remediation, and reporting across various platforms and architectures
- Manage application vulnerability scanning tools (DAST, SAST, and SCA) such as Veracode, SonarQube, and OWASP Dependency-Check
- Onboard applications into SAST, DAST, and SCA scanning solutions
- Tune false positives and validate findings with our application development teams
- Provide education on security practices or methodologies to resolve vulnerabilities
- Develop, curate, and improve application security detections (static and dynamic) to identify vulnerabilities at scale
- Partner with the application development function to support streamlined, automated, and effective CI/CD pipeline security testing
- Drive a culture of DevSecOps, creating reporting and self-service capabilities to drive more ownership and accountability for security across functional teams
- Bachelor's degree in Computer Science or a related field, or an equivalent combination of education, training, and experience (required)
- Working knowledge and experience with multiple security domains (e.g., application security, vulnerability reduction, data protection, encryption, logging and monitoring, network security)
- Subject Matter Expert (SME) experience with the Secure Software Development Life Cycle (SSDLC) (e.g., risk assessments, threat modeling, static code analysis, code reviews, and dynamic application scanning)
- Experience working with modern development practices (e.g., microservices, containers, orchestration, continuous integration and delivery pipelines)
- Experience working in regulated industries, leveraging information security management frameworks and industry-recognized best practices and standards (e.g., FFIEC CAT, NIST, ISO, and PCI)
- Demonstrated ability to resolve sensitive issues with other departments and to present information to senior management
- Demonstrated analytical and problem-solving skills applied to both technical and business challenges
- The ability to relate business requirements and risks to the technical implementation of security-related issues.
- Knowledge of security monitoring, diagnostic and administrative tools.
- Certifications a plus, e.g., CISSP, CCSP, CRISC, CISA