Application Security Engineer

Overview

Hybrid
Depends on Experience
Full Time
No Travel Required

Skills

Application Security
Information Security
security testing
security tooling
Python
PowerShell
Web application security

Job Details

Job title: Application Security Engineer

Job type: Full time

Job location: Morristown, NJ (hybrid, 3 days onsite)

A global insurance company is seeking an Application Security Engineer to join their Information Security team.

Responsibilities:

  • Develop and implement application-focused security controls during all phases of the Secure Software Development Lifecycle and production operations.
  • Collaborate, as needed, with development teams to enhance their secure coding practices, application design patterns, and technology selection.
  • Maintain a strong familiarity with:
      • Full stack of security technologies and common application architectures.
      • Regulatory requirements for security and privacy technologies.
      • The various teams who are non-technical subject matter experts on those regulations.
      • Industry-standard approaches for aligning development, operations, and security.
  • Be responsible for continuously improving our suite of troubleshooting documents, SOPs, and support tools so that the IT support teams can self-resolve/diagnose application-level issues related to security incidents and/or controls.
  • Application security review (development lifecycle, technology selection)
  • Application security testing and instrumentation (production operations)
  • Support of security tooling and automation

Requirements:

  • Minimum of 5 years of experience in information security.
  • Systematic thinking: the ability to take a complex sequence of events and isolate the critical/relevant stages.
  • Excellent interpersonal skills: the ability to engage with both end users and IT colleagues to understand a problem and determine fact patterns, measurable requirements, and success criteria.
  • Strong understanding of:
      • HTTP, HTML, REST, SOAP, JSON, XML, YAML, and other data formats
      • Web authentication patterns, especially SAML and OAuth, TLS/X509, and cookies
      • DNS, TCP/IP, and related tools (e.g., interpreting packet captures)
      • Encryption at rest and in flight
  • Development and direct work experience with:
      • Languages for automation, especially Python and PowerShell
      • Query tools
      • Excel for ad-hoc analysis. Must be comfortable aggregating disparate sets of logs and other data for unified analysis.
      • Packet captures for low-level network troubleshooting
      • Application development building blocks, web application security components
      • Native security controls in the Microsoft stack (OS, Office, Edge)
  • Ability to write ad hoc queries using one or more of the following:
      • Splunk, PowerShell, regular expressions, SQL, XPath
  • Ability to write practical audience-relevant documentation related to troubleshooting.
  • B.S. in Computer Science or Software Engineering

About New Millennium Consulting