Application Security Engineer

Job title: Application Security Engineer

Job type: Full time

Job location: Morristown, NJ (hybrid-3 days onsite)

A global insurance company is seeking a Application Security Engineer to join their Information Security team.

Responsibilities:

• Develop and implement application-focused security controls during all phases of Secure Software Development Lifecycle and production operations.
• Collaborate, as needed, with development teams to enhance their secure coding practices, application design patterns, and technology selection.
• Maintain a strong familiarity with:
• full stack of security technologies and common application architectures regulatory requirements for security and privacy technologies.
• The various teams who are non-technical subject matter experts on those regulations.
• Industry-standard approaches for aligning development, operations, and security.
• Be responsible for continuously improving our suite of troubleshooting documents, SOPs, and support tools so that the IT support teams can self-resolve/diagnose application-level issues related to security incidents and/or controls.
• Application security review (development lifecycle, technology selection)
• Application security testing and instrumentation (production operations)
• Support of security tooling and automation

Requirements:

• Minimum of 5 years of experience in information security.
• Systematic thinking the ability to take a complex sequence of events and isolate the critical/relevant stages.
• Excellent interpersonal skills the ability to engage with both end users and IT colleagues to understand a problem and determine fact patterns, measurable requirements, and success criteria.
• Strong understanding of:
• HTTP, HTML, REST, SOAP, JSON, XML, YAML, and other data formats, web authentication patterns, especially SAML and OAuth, TLS/X509, and cookies, DNS, TCP/IP, and related tools (e.g., interpreting packet captures), Encryption at rest and in flight.
• Development and direct work experience with:
• Languages for automation, especially Python and Powershell, Query tools.
• Excel for ad-hoc analysis. Must be comfortable aggregating disparate sets of logs and other data for unified analysis.
• Packet captures for low level network troubleshooting
• Application development building blocks, Web application security components
• Native security controls in the Microsoft stack (OS, Office, Edge)
• Ability to write ad hoc queries using one or more of the following:
• Splunk, Powershell, Regular expressions, SQL, XPATH
• Ability to write practical audience-relevant documentation related to troubleshooting.
• B.S. in Computer Science or Software Engineering