Job Details
Position Summary
The Application Security Principal role is pivotal in bridging the current security gaps and embedding security into every aspect of the technology lifecycle at OHS. This role collaborates with various teams to integrate security into applications and platforms, ensuring the safe deployment and operation of in-house-built solutions. With expertise in identity and access management, data security, threat modeling, and the secure software development lifecycle, the engineer ensures that security controls are seamlessly integrated throughout the application development process. Additionally, the role leads efforts in API security, conducts security assessments for AI systems, and continuously improves security tools and processes to address evolving threats.
Responsibilities include but are not limited to:
- Develop, manage, and enforce data protection controls to ensure data security is always maintained.
- Conduct threat modeling for complex applications and platforms.
- Perform secure code reviews and vulnerability assessments, and author application security standards and guidelines.
- Deploy, manage, and operate RASP, SAST, DAST, IAST, and WAF tooling.
- Develop and implement Security measures for AI systems and initiatives.
- Establish API Security Frameworks, standards, and API Security management.
- Develop and manage application and data threat modeling, and lead Secure SDLC efforts, including the associated standards.
- Define Identity and access controls with regards to applications, platforms and data.
- Update and maintain the relevant standards and frameworks so that company assets, including sensitive data, remain safeguarded.
- Apply familiarity with PCI DSS and e-commerce security requirements to establish standards for securing the e-commerce platform.
- Apply familiarity with authentication and authorization technologies such as OAuth, SAML, JWT, and federation to drive standards for consumer platforms in alignment with business requirements.
Experience and Qualifications of the Role
- Minimum of 10 years of experience with technology, including at least 7 years in Information Security within cloud-native or SaaS technology environments.
- Experience conducting threat hunting and threat modeling in cloud platforms such as AWS, Azure, Oracle, Salesforce, and Snowflake, and in container environments.
- Relevant certifications such as CSSLP, GWEB, GWAPT, and AWS/Google Cloud Platform/Azure security certifications are desirable.
- Working experience performing security architecture review, code review, and building security requirements for the introduction of new technologies in a multi-cloud environment including SaaS applications.
- Working experience leveraging and customizing native & 3rd party security tools to secure multi-cloud environments.
- Hands-on experience working in multi-cloud environment with an understanding of cloud technology components such as networking, segmentation, virtualization, encryption, secrets & key management, serverless, container, Kubernetes and IaC.
- Hands-on experience with cloud/infrastructure traffic analysis, anomaly detection, Web Application Firewall (WAF), RASP, IAM and security automation.
- Familiarity with security concepts such as secure-by-design, application architecture, Authentication (SSO, SAML, Azure AD), Perimeter security, Micro-segmentation and Zero-Trust.
- Hands-on experience with Policy as Code (PaC) using languages and formats such as Python, Go, JavaScript, or YAML.
- Hands-on experience with security testing tools such as SCA, SAST, DAST, and website analysis.
- Extensive experience writing technical and business-friendly security documentation.
- Strong analytical, problem-solving, and communication skills. Ability to work collaboratively in a dynamic environment and manage tasks with attention to detail.
- Experience working with developers and product managers, and some eCommerce experience.
- Experience with Node.js, JavaScript, TypeScript, Python, and .NET.
Computer Skills Needed to Perform the Job
- Proficiency in Microsoft O365.
- Strong Excel Skills.
- Strong PowerPoint / Presentation skills.
Education
- Bachelor's degree in Computer Science, Cybersecurity, or comparable technical experience.
Certificates, Licenses, Registrations
- CISSP, CSSLP, GWEB, GWAPT, or other relevant security certifications and experience are desired.