Application Security Engineer

Application Security, OWASP, web and mobile and API platforms, REST, SOAP, Web Application firewalls, AppScan, Fortify, Veracode, SonaType
Full Time, Contract W2
Negotiable
Telecommuting not available Travel not required

Job Description

  • Monitor developments within the application security industry to ensure internal policies, procedures, tools, and training reflect current trends and methods such as those published by OWASP
  • Provide security guidance on a constant stream of new products and technologies
  • Work with developers to refine security checkpoints in the SDLC that are based on applicable standards or industry-accepted doctrine.
  • Conduct regular security assessments
  • Identify emerging vulnerabilities, risks, and threats during design iterations and provide appropriate countermeasures
  • Obtain and review all required artifacts as part of go, no go analyses at security checkpoint phases in the development cycle.
  • Assist with periodic security risk assessments, IT security audits, and management reporting.
  • Work with the development teams to provide guidance on secure code.
  • Excellent verbal and written communication skills.

Experience: 3-5 years of experience developing on web and mobile and API platforms 3-5 years assessing and securing iOS and Android mobile apps 3-5 years assessing and securing REST and SOAP APIs 2-3 years assessing and securing web applications 2-3 years reviewing source code and using security testing tools 2 years threat modeling web and mobile applications Working knowledge of Web Application firewalls is necessary Experience working with Agile development/Scrum teams Strong knowledge and ability to operate vulnerability assessment and application assessment tools (e.g. AppScan, Fortify, Veracode, SonaType) Security risk assessment and systems security audit work experience is highly desired. Experience with threat modeling and web application security assessments

Dice Id : 10115448
Position Id : 381895
Have a Job? Post it