Senior Application Security Engineer

Sands Digital Services Ireland Opco Limited
Full-time
Remote
Ireland
Security Engineering

Job Description:

Essential Duties & Responsibilities

  • Assist in developing a comprehensive security program to support various Software Development Lifecycles (SDLCs) and ensure that such developed software is free of security vulnerabilities.
  • Evaluate SDLCs and advise on applicable application security technologies and integration points.
  • Implement application security technologies with SDLCs, including integration of technology, workflows, documentation, training, and other functions necessary to enable stakeholder success.
  • Support development teams in managing day-to-day cyber security processes pertaining to development of software.
  • Provide technical guidance to developers as it relates to cybersecurity.
  • Ensure the reliable operation of application security technologies that support program objectives.
  • Work with quality assurance teams to ensure that software is sufficiently analyzed by application security technologies and processes.
  • Work with software development teams to help prioritize and validate urgency of mitigation of identified product vulnerabilities and security feature enhancement requests.
  • Perform code analysis of large applications, manually and using SAST and DAST scanning solutions as well as conducting vulnerability analysis.
  • Provide remediation guidance and recommendations to developers and administrators.
  • Support development of incident response exercises that build approaches for responding to use-case-driven alerts and incidents.
  • Perform security configuration reviews of our products to ensure that they are in alignment with company established best practices.

Minimum Qualifications

  • Bachelor's degree in Computer Science, Computer Engineering, Information Technology, Computer Security, or similar; or equivalent work experience.
  • 3 or more years of experience in a cyber security engineer role and 2 or more years of experience in a software development role; or at least 8 years related field work experience with 4 or more years of experience in a cyber security role.
  • A strong understanding of cybersecurity fundamentals relating to software development.
  • Experience developing software utilizing at least two of the following coding languages: C#, GoLang, .NET, NodeJS, Java, C++, PHP, Python, or others.
  • Demonstrated experience working with technical and non-technical staff.
  • Strong collaboration and communication skills.
  • Basic knowledge of a broad range of IT Security, Controls and Service Delivery standards and frameworks, for example: International Standards Organization (ISO) 27001, IT Infrastructure Library (ITIL), Control Objectives for IT (CoBIT).
  • Experience with CSP infrastructure, such as that on Amazon Web Services (AWS), Google Cloud Platform (GCP), or Microsoft Azure Cloud.
  • Experience with at least three of the following technology spaces (more is preferred): SAST, SCA, DAST, IAST, Fuzz Testing, ASPM, Threat Modeling, and similar.
  • Experience validating that software development processes meet cybersecurity requirements.
  • Experience analyzing code for weaknesses and errors and overseeing plans to improve code.

Advantageous Experience Preferred:

  • Professional certification in both cybersecurity and software development preferred.
  • Experience as an application or product security engineer.
  • Experience in software development of enterprise applications.
  • Proficiency with multiple front-end, back-end, and scripting programming languages and demonstrated ability to become proficient with new programming languages and technologies.
  • Strong familiarity with common vulnerabilities and attack vectors.
  • Knowledge of web service technologies, load balancer services (e.g. Nginx, Cloudflare, F5, etc.) and RESTful APIs.
  • Knowledge of ubiquitous encryption technologies (PGP, SSH, SSL, etc.) and common authentication protocols (OpenID Connect, OAUTH, SAML, RADIUS, LDAP, KERBEROS, etc.).
  • Solid understanding of secure network and system design in both cloud (AWS, Azure, etc.) and conventional environments.

Company Standards of Conduct

All SDS Team Members are expected to conduct and carry themselves in a professional manner at all times. Team Members are required to observe the Company's standards, work requirements and rules of conduct.