Application Security Engineer

OWASP, SANS, CI/CD automation, SDLC
Full Time
Depends on Experience
Travel not required

Job Description

The role of Senior Application Security Engineer is a vital component in the Enterprise Architecture team and cybersecurity program for the Output Solutions business unit. An important part of this role includes architecting, developing, maintaining, and demonstrating appropriate measures to minimize application security risk and maintain compliance with external requirements as conveyed in enterprise security standards. You will participate in a variety of projects and leverage your experience in technology and security to assess risks and recommend solutions. Additionally, you’ll promote security awareness among the application development teams and lead them in implementing controls and remediations to protect and its clients against emerging Cybersecurity threats.

This position includes primarily internal client and executive interaction with occasional external client and assessor interface, and as such requires strong professional presence, communication, negotiation and decision-making skills. The ability to establish exceptional relationships and credibility with internal application development and Cybersecurity team associates, external clients, third parties, and enterprise functions will be essential to your success, as will the ability to lead other team members in the execution of projects.

Essential Job Responsibilities:
1. Provide both hands-on and high-level guidance for defensive coding practices based on mitigation of OWASP Top 10, SANS 25 software design flaws
2. Interpret static and dynamic code activities for both internal and external web applications
3. Work with the internal Applications Development function to drive the development of strategies, remediations and solutions for improving both architecture and application security
4. Work with application development software and infrastructure engineers in designing application security controls across a range of technologies to include but not limited to legacy .NET, C#, Java, Cobol, and containerized micro-services applications
5. Implement and model security practices for enterprise & cloud environments
6. Collaborate with Enterprise Cybersecurity Team to deliver solutions for the Output Solutions business, consistent with the enterprise Information Security strategy
7. Perform risk assessments and security architecture reviews across a variety of technology platforms and applications
8. Leverage experience to provide security guidance in strategic projects to improve the business unit’s security, risk and compliance posture
9. Proactively identify security risks, recommend remediation and mitigation techniques, clearly articulate the issues to impacted teams, provide code samples where applicable and work with them to resolve
10. Prepare, review and deliver concise, well-written security architecture and coding recommendations and communications
11. Facilitate and support the selection, design, implementation, and tuning of security tools
12. Engage directly with clients, auditors, and regulators to provide accurate and timely responses to security inquiries
13. Develop and foster constructive professional relationships with executive and line management
14. Establish trust and credibility with key stakeholders while promoting security awareness principles and compliance with security standards and regulatory requirements.

Basic Qualifications for Consideration:
1. Five or more years of direct application design and development experience focused on application security
2. Technical proficiency in two or more of the following areas:
a. Application Design and Development
b. Application Security (including OWASP concepts and application architecture and controls)
c. Computer Operations (including capacity, performance, and problem management)
d. Database Administration & Security
e. Information Security & Data Privacy
f. Network & Infrastructure Architecture and Security (including network segmentation concepts, firewalls, routers, VPN solutions etc.)
g. Systems Development (including SDLC, project management and change control methodologies)
3. Demonstrated ability to take ownership and follow up on issues
4. Demonstrated ability to work in a team and to work well under pressure
5. Advanced analytical and problem solving skills
6. Consistently demonstrates clear and concise written and verbal communication
7. Proficient in interpreting and applying policies, standards and procedures

Preferred Skills, Experience, and Education:
1. ALM process and tooling including CI/CD automation and Agile SDLC methodologies
2. Bachelor’s or advanced degree in Information Technology/Computer Science/Management Information Systems
3. Experience with static and dynamic application scanning tools, and interpretation/communication of results
4. Experience with security protocols and technologies (firewalls, IDS/IPS, DLP, SIEM, VPN, etc.)
5. Experience managing and implementing enterprise security tools (Fortify, Splunk, Imperva, Nessus, Qualys, etc.)
6. Experience conducting security technology/architecture reviews, risk assessments, and application penetration testing
7. Information security operations experience, including implementation of processes in line with best practices
8. Financial services experience, including working with auditors and assessors in highly regulated environments
9. Project management experience

Personal Attributes/Qualities:
1. Impeccable integrity
2. Exceptional professionalism
3. Leader and mentor
4. Consensus builder
5. Strategic thinker
6. Excellent communication skills, both oral and written
7. Credible and trustworthy
8. Quality and execution focus
9. Professional skepticism
10. Sound decision making and judgment

 

Data Resource Technologies Inc. is an Information Technology Staffing Firm serving the markets of the United States of America; the greatest country in the world. We work with Direct Clients Only and do not participate in multi layer contracts. Earn The Most Possible and put over 60 years of Information Technology Industry experience to work for you today, Call or Apply NOW!!!

Posted By

Cody Bright

12020 Shamrock Plaza, Suite 200 Omaha, NE, 68154

Contact
Dice Id : 10124769
Position Id : ASEATL
Originally Posted : 1 month ago