2019-010 – Application Security Engineer

Position Description:

We are looking for an Application Security Engineer/Architect with experience in the design, build-out, review and analysis of integration environments. Review of Java, Angular, Python and JS source code. Azure and Amazon cloud environment experience a big plus. Experience with ARB (Architectural Review Board) participation required. Experience with database automation and security. OWASP Top 10 and strategy for implementation. Understanding of Threat Modeling (STRIDE and DREAD), Risk Assessments, RASP, Penetration Testing, and SharePoint. Understanding of Design Time, Run Time, Scanning Time and Operations requirements placed on the development team to offer greater support. Application Security Debugging, CVE research, Static and Dynamic code scanning, Vulnerability scanning of the environment and making recommendations for mitigation. NGINX Reverse Proxies, DevOps and DevSecOps, QA processes knowledge, Regression Testing, Imperva and Prevoty experience a big plus, IAM (Identity Access Management), System Hardening, Application Strategy Planning and Design, experience with highly virtualized environments preferred, Application and System recovery experience, Firewall configuration knowledge, Load Balancer configuration knowledge, ITIL and NIST, ZAP, OpenShift, SIEM Integration, ZENOSS, IDS/IPS systems, IoT experience a big plus, log monitoring and rotation best practices, BCP/DR, and SQL.

Specific roles and responsibilities include:

  • Drive software security architecture, working closely with product specific technical architecture experts.
  • Ability to delegate and organize responsibilities on projects involving multiple personnel is essential, including but not limited to scheduling and holding regular meetings with customers and team members to discuss system health and open tickets.
  • Provide technical leadership in the comprehensive planning, development, and execution of software security efforts.
  • Provide planning and input into the software engineering and product development process, related to security, sensitive to the constraints and needs of the business.
  • Monitor security technology trends and requirements, such as emerging standards, for new technology opportunities.
  • Liaise with corporate level security team to ensure conformity with any existing standards, technologies etc.
  • Develop and execute security plans. This may include managing across third-party vendors, and providing guidance (with other departments) to the engineering and testing practices.
  • Ensure, and create as needed, security policies, processes, practices, and operations to ensure reproducible development and high quality of product.
  • Engage in hands-on, in-depth analysis, review, and design of the software, including technical review and analysis of source code with a security perspective. Will include reviews of in-house developed code, as well as review of technologies provided by third party vendors.
  • Provide primary technical role in the security certifications process, including preparing extensive documentation and working with third-party evaluations.
  • Provide training to staff, contractors, development and quality assurance teams, and product/software security champions related to product security.
  • Provide full life cycle support (SDLC) for new and maintenance code changes in the production and development environment.
  • Use innovative problem-solving and critical-thinking approaches to troubleshoot challenging data-centric problems.
  • Ability to analyze business requirements and scope of programming efforts.
  • Maintain a high proficiency level with system architectures and database system models.
  • Contribute to an Agile application development organization.
  • Other duties as assigned.

SonarQube, SonarLint, SpotBugs, FindSecBugs, Windows & Linux system architecture, strong networking experience or knowledge preferred.