The selected candidate will provide application security, assist with implementing OWASP practices and a secure SDLC, perform code reviews, and assess Internet Information Services (IIS) and Apache configurations before websites or web services are released to production. Maintains an inventory of all applications, program dependencies and APIs.
Job Description
As an Application Security Engineer, you will play a pivotal role in ensuring the security and integrity of our software applications. You will collaborate with development teams to identify vulnerabilities, design and implement security measures, and enhance the overall security posture of our products. This role offers a unique opportunity to work at the forefront of technology and contribute to the protection of our organization's digital assets.
Essential Job Duties
1. Identifies applicable industry best practices and consults with development teams on methods to continuously improve the risk posture. Maintains a risk register for material and critical assets, tracks application risk scorecards and produces metrics to drive visibility for use by the CISO and senior management. Develops and enhances practices to align application development with the NIST 800-53 security framework to satisfy business and regulatory requirements for compliance with CJIS, HIPAA and PCI-DSS.
2. Implements secure Software Development Lifecycle (SDLC), enforces Security Policy, Standards and Controls including oversight of remediation activities. Conducts vulnerability reviews against Internet Information Services, Apache, Application Program Interfaces (API) and associated cryptographic functions and exchanges.
3. Orchestrates and executes application security risk assessments independently with little or no guidance. Assesses applications, designs threat models, documents potential risk vectors, checks for code vulnerabilities, recommends proportional controls and ensures risks are resolved expeditiously.
4. Ensures Azure, SaaS and on-premise application security configurations and exchanges are free of Common Vulnerabilities and Exposures (CVE). Deploys applications for static and dynamic code testing. Researches trends to meet future information security requirements.
Education, Experience and Training:
Bachelor's degree from an accredited college or university in Computer Science, Management Information Systems, Mathematics, Engineering, or a technical job-related field of study.
Six (6) years of work-related experience as an Application Security Engineer, Application Security Developer or Sr. Application Security Analyst, scoping and recommending static and dynamic application security tools, collaborating with application development teams on projects, scanning code for vulnerabilities and CVEs, and reducing threat vectors in Azure, API and on-premise application environments.
Special Requirements/Knowledge, Skills & Abilities:
- Prior experience as a software developer, a detailed history of OWASP concepts and practices with the ability to teach others, and hands-on experience with NIST 800-53 and secure SDLC practices. Capability to contribute to project planning and communicate technical concepts in a manner that customers and stakeholders can understand.
- Certified Information Systems Security Professional (CISSP) or Certified Cloud Security Professional (CCSP) designation preferred.
- Ability to participate in an on-call rotating off-hours schedule. Create and update technical documentation. Juggle multiple projects and priorities simultaneously. Familiar with Agile, Waterfall and Scrum methodologies. Strong analytical skills. Relies on extensive experience and judgment to plan and accomplish goals. Skilled in the use of standard and non-standard software applications.
- Ability to communicate effectively both verbally and in writing, and to establish and maintain effective working relationships with employees, departments and the general public. Must possess a valid Texas driver's license with a good driving record.
- Must pass a background investigation. Required to be on call at all times.