SENIOR APPLICATION SECURITY ENGINEER
ALTA IT Services has a 9+ month contract opening for a Senior Application Security Analyst to support a leading Washington, DC-based health insurance customer. Work is being conducted remotely during COVID safety measures, with an eventual return to partial onsite work once pandemic conditions have lifted.
The intent of the role is to drive the seamless embedding of security into the software development lifecycle. The Lead Application Security Engineer will serve as a technical subject matter expert working with technical teams. The engineer will collaborate with teams and vendors to determine security requirements and support all phases of integration, operations, and maintenance to ensure a secure software environment. They will be able to work independently or in a team environment.
- Provide subject matter expertise on secure coding practices and security design based on current knowledge of security threats and vulnerabilities that could impact the technology stack.
- Support definition of Secure SDLC standard to include security architecture, design and coding requirements for infrastructure, application and data to align with application security maturity model and adopt a shift-left approach for security.
- Evaluate various application security tools including SAST, DAST, SCA, IAST, and Pen Testing and operationalize security tools for integration with CI/CD.
- Perform application testing and review security test results from scans and penetration testing to identify viable vulnerabilities that may be exploited and propose remediation solutions or mitigation controls.
- Develop security controls and processes for products and services developed and deployed for both on-prem and cloud environments.
- Perform threat modeling, conduct security architecture reviews and provide training to architects and developers to enhance adoption of secure coding practice within the product development lifecycle.
- Provide security related coaching and expertise to drive and elevate security expertise within the development teams.
- Lead security innovation and best practices in product development through collaboration and learning from industry professionals and consortiums.
QUALIFICATIONS AND EDUCATION REQUIREMENTS:
- Bachelor’s Degree in Information Technology or the equivalent combination of education, training or experience
- 8 years or more experience in the field of cybersecurity and application security
- Expert knowledge in security best practices, principles and common security frameworks such as OWASP, NIST and HIPAA
- Experience in software development including Java/Python and scripting languages
- Knowledge of secure architecture and design patterns for Web, Mobile and Microservices
- Knowledge of current and emerging threats and techniques for exploiting security vulnerabilities
- Experience securing cloud infrastructure and applications
- Experience with methodologies and security testing tools for threat analysis of complex applications and services including threat modeling, software fuzzing, static and dynamic analysis and penetration testing.
- Advanced organizational, planning and time management skills
- Advanced communication, presentation and analytical skills
- Desired: CISSP, CISM or other related Information Security certifications
HOURLY RATE: Up to $80/hr. range. Benefits available. C2C OK.
For consideration please contact Melissa McNally via
ALTA IT Services is an established leader in IT Staffing and Services, specializing in Agile Transformation Services, Program & Project Management, Application Development, Cybersecurity, and Data & Advanced Analytics. We are an equal opportunity/affirmative action employer and consider qualified applicants for employment without regard to race, gender, age, color, religion, disability, veteran status, sexual orientation, or any other factor.