***We are unable to sponsor as this is a permanent full time role***
A prestigious company is searching for an Applications Security Engineer. This individual needs to have come up as a programmer or currently be a programmer. They need to be highly proficient in at least one of the following languages: Java, .NET, Node.js, or Python. They need to have knowledge of OWASP and an understanding of Agile/XP/Scrum/Kanban. This candidate will ideally be 50% programmer and 50% hacker.
- Work closely with application development and platform teams to help formulate and implement a strategy for software security that is tailored to the specific risks facing the organization, including threat modeling and applications security advisement services.
- Develop and maintain a balanced application security program based on a well-defined application security framework.
- Conduct application security assessments / penetration tests and implement tools for dynamic/automated code reviews.
- Ensure application design and implementation best-practice with role-based and appropriate access standards, as well as integration with Identity and Access Management environments.
- Ensure compliance with society, regulatory, and industry standards for application security.
- Continuously evaluate the organization's existing application security practices, define and measure security-related activities, and demonstrate concrete improvements to the application assurance program within the organization.
- Provide secure application development training to developers and provide guidance on the development of web-based training for ongoing awareness.
- Conduct code reviews and penetration testing.
- Develop and maintain unit and integration tests designed to ensure security controls are tested on every build.
- 3-5 years' experience in a software development field such as Software Developer, Architect, Software Quality Assurance, or Application Security Engineer
- Highly proficient in at least one of the following development languages: Java, .NET, Node.js, or Python
- Possess a strong understanding of application architectural patterns, such as MVC, Microservices, Event-driven, etc.
- Creative, organized, responsive, and highly thorough problem solver
- Possess strong business acumen with ability to work with application development, QA and security teams
- Possess a restlessness or desire to break into things
- Knowledge of the OWASP Top 10
- Understanding and Passion for Agile/XP/Scrum/Kanban
- Understanding of Test Driven Development built on User Stories
- Understanding of Continuous Integration/Testing/Delivery
- Familiarity with Metasploit, Burp Suite, Fuzzing, Gauntlt, and Jenkins is preferred
- Familiarity with code reviews and penetration testing preferred
- College degree with advanced degree preferred
- OSCP, OSCE, or OSWE Certifications are a major plus