The Application Security Engineer serves as a key individual contributor on the Information Technology (IT) Security team. As part of the IT Security team, the Application Security Engineer will help support Client’s mission by protecting critical computing assets, securing sensitive data, and working with the Global IT teams to provide security monitoring and incident response.
The Application Security Engineer is responsible for implementing, supporting, and maintaining all aspects related to Application Security and Vulnerability Management at an enterprise level. The engineer will maintain a strong focus on automation, self-service, rapid feedback, continuous improvement and leveraging best practices throughout.
Roles and Responsibilities
- Conduct system security, vulnerability analyses, and risk assessments; identify integration issues.
- Use technical knowledge of current attacks to identify flaws and weaknesses in the composition and design of networks, remote access schemes, systems, and applications to specify solutions, verify the solutions that have been implemented, and rapidly adjust designs based on new threat and attack information as acquired.
- Experience with engineering, implementing, and monitoring security measures for the protection of systems, networks, and information.
- Experience with vulnerability management and enterprise remediation efforts.
- Monitor, secure, and communicate network vulnerabilities and attack vectors for diverse stakeholders.
- Collaborate with solution architecture to devise infrastructure solutions most suitable to meet system requirements.
- Plan and coordinate system utilization, and perform growth analysis and capacity planning.
- Support mission-critical, 24x7 systems.
- Conduct compliance and vulnerability scans on workstations, servers, databases, web servers, etc.
- Develop risk overview of the enterprise and provide detailed remediation strategies to the stakeholders to improve the security posture of the client.
- Lead enterprise-wide efforts on risk assessments, detailed technical recommendations, and coordination of remediation and mitigation strategies.
- Prepare briefings and reports of findings to senior-level leadership and stakeholders.
- Serve as technical and project lead on IT Security initiatives, partner with System Engineers, Application Development teams, and Architects.
- Must be able to contribute or build policies and procedures around Application Security.
- Interface with IT mission partners, including Networking, Architecture, and Project Delivery, to deliver business value.
- Communicate and support security policy, deployment, and support needs.
- Communicate the security challenges associated and provide solutions to mitigate them.
- Work with other engineers on technical requirements and communicate to management.
- Work with minimal supervision, set priorities, and give attention to detail and quality; be flexible, with strong organizational and time management skills, ability to multitask, ability to work individually and with a team, positive attitude, self-motivation, reliability, trustworthiness, strong interpersonal skills, diplomacy, and ability to handle stress in a professional manner.
- Bachelor’s degree in Information Technology or a relevant field. Equivalent combination of education and relevant experience may be considered.
- 5 years of experience in IT security and Vulnerability Management.
- 3 years of experience practicing Change, Problem, and Incident management processes utilizing ITIL in an enterprise environment.
- Understanding of network protocols such as TCP/IP and web protocols (HTTP/HTTPS), and the OWASP top 10 security issues.
- Working knowledge of data security controls, protocols, methods, and understanding of the SDLC process.