Application Security Engineer

  • Posted 30 days ago | Updated 7 hours ago

Overview

Remote
Contract - W2

Skills

Software development methodology
J2EE
IBM Security AppScan
Software security
Financial services
Security controls
Manual testing
Security awareness
Information security
Computer science
Software engineering
C#
ASP.NET
Technical training
Code review
Penetration testing
Java
Web applications
Web services
Microsoft Office
Security management
Microsoft Azure
Cloud security
C
Leadership
Training
Design
Presentations
Software development
Planning
Testing
Evaluation
Mentorship
Internet
Fortify
SCA
HP
WebInspect
Burp suite
Metasploit
IMPACT
Management
Communication
Netsparker
Spring Framework
Hibernate
Computer networking
Python
Firewall
WAF
Amazon Web Services
API
Cyber security
OSCP
Certified Ethical Hacker
Cisco Certifications
DICE

Job Details

*Please note: we CAN NOT do C2C Arrangements at this time*

Our client, a Fortune 500 financial services group, is looking for a Senior Application Security Engineer. You would be responsible for promoting, designing, and evaluating application security in all phases of the application life cycle. The ASE shall ensure that appropriate and effective security techniques and solutions are identified, implemented, and used. May lead a small team of Engineers.

Essential Job Functions:

Software Security Assessment: Evaluate applications for appropriate and effective use of security controls using tools and techniques such as source code analysis, vulnerability scanners, and manual testing techniques.

Application Security Control Development: Provide expert guidance to developers on the appropriate selection and implementation of relevant application security controls.

Security Awareness Training: Design, develop and deliver presentations focused on raising awareness for crucial security relevant considerations and defensive programming techniques.

Support the planning and execution of the application security testing and evaluation program, with the possibility of mentoring junior team members.

Advise and consult internal clients on appropriate application of security practices and existing security services to solve problems or enable new business opportunities.

Serve as subject matter expert on application and information security technologies and methodologies.

Education/Experience Requirements:

B.S. or M.S. in Computer Science, or equivalent education or experience. Emphasis in software security a plus.

At least three (3) years of professional experience with an M.S. degree, or at least five (5) years of experience with a B.S. degree, to include:

Two (2) or more years in software engineering and development with emphasis on the delivery of secure, Internet-exposed, multi-tier, web-based systems using Java/J2EE and/or C#/ASP/.NET (experience with both a plus). At least one (1) year of hands-on experience evaluating the security of applications using both manual and automated techniques. Relevant tool experience should include code security scanners such as Fortify SCA, Checkmarx; web vulnerability scanners such as HP WebInspect or IBM Rational AppScan; assessment support tools such as BurpSuite, Metasploit, or Core Impact.

Experience mentoring and leading small teams and demonstrated responsibility for managing security assessments for a portfolio of applications is desirable. Strong written and verbal communication skills. Specific relevant experience may include technical reports (especially application security assessment reports), technical whitepapers, presentation development and delivery (for both technical and business audiences), technical training, etc. Candidate should have experience making and defending sound technical arguments that incorporate relevant technical and business considerations, and building consensus among stakeholders.

Required Skills:

Application Security (AppSec) domain knowledge/experience, including ALL of the following:

Manual source code review

Experience analyzing DAST/SAST scan results (not just running the tools); ideally with AppScan or Netsparker, and Checkmarx

Application penetration testing; ideally with BurpSuite

Solid Java knowledge, and ideally at least historical development skills; e.g. a good understanding of Core Java and ideally relevant frameworks (e.g. Spring, Hibernate).

Strong understanding of both Web Application and Web Service architectures, as well as associated protocols

Networking fundamentals (ideally security-centric)

Demonstrated history of making Security their career path through roles held and credentials obtained

Highly Desired Skills:

Python Knowledge + Development Skills

Capture the Flag (CTF) / red team exercise experiences.

Web Application Firewall (WAF) knowledge/experience

AWS Development Skills (e.g. ideally not just AWS Console access, but API level exposures) OR solid AWS Security knowledge.

Relevant credentials, such as a Master's in Cybersecurity, OSCP, or CEH

Any of the following additional credentials:

Microsoft 365 Security Administration

Microsoft Azure Security Technologies

Certified Cloud Security Professional (CCSP)

AWS Certified Solutions Architect

AWS Certified Security Specialty (Associate or Professional)


About Tential