Cyber Application Security Engineer

We are seeking a cyber application security engineer who adopts a comprehensive approach to application security, encompassing security activities throughout all phases of the Secure Software Development Lifecycle (SDLC).

ROLES & RESPONSIBILITIES:

Provide subject matter expertise on secure architecture, design and coding practices based on current knowledge of security threats and vulnerabilities that could impact the technology stack Participate in and support application security reviews and threat modeling, including code review and dynamic testing.

Own and perform application security vulnerability management.

Facilitate and support the preparation of security releases.

Support and consult with Product and Engineering teams in the area of application security.

Assist in development of automated security testing to validate that secure coding best practices are being used.

Identify solutions for difficult security problems while collaborating in a broader agile Application Security team

Building a comprehensive solution to conduct consolidation, aggregation, and notification of security findings to respective stakeholders.

Perform application testing and review security test results from scans and penetration testing to identify viable vulnerabilities that may be exploited and propose remediation solutions or mitigation controls.

Develop security controls and processes for products and services developed and deployed for both on-prem and cloud environments.

Perform threat modeling, conduct security architecture reviews and provide training to architects and developers to enhance adoption of secure coding practice within the product development lifecycle.

Provide security related coaching, training and expertise to drive and elevate security expertise within the development teams

Responsible for promoting, designing, and evaluating application security in all phases of the software development life cycle, and constantly looking for innovative ways to improve processes.

Understanding of and experience securing cloud infrastructure and applications using contemporary cloud computing models (IaaS, PaaS, SaaS, etc) with emphasis on Azure/AWS technologies

Write proof of concept code to demonstrate the severity of a potential security issue.

SKILLS & REQUIREMENTS:

Bachelor’s Degree in Information Technology or the equivalent combination of education, training or experience

Significant experience in the field of cybersecurity and/or application security, including time as an engineer writing code, conducting code reviews or in a senior role contributing to secure software design, development and testing processes

Expert knowledge in security best practices, principles, and common security frameworks such as OWASP, NIST and ISO

Familiarity with common security libraries, security controls, and common security flaws.

Basic development or scripting experience and skills. Ruby and Ruby on Rails is preferred.

Experience building secure software based on frameworks such OWASP, BSIMM and SANS

Significant experience with methodologies and security testing tools for threat analysis of complex applications and services including threat modeling, software fuzzing, static and dynamic analysis and penetration testing (SAST, DAST, RASP, SCA) and other application security testing tools and techniques.

Knowledge of common scripting and compiled languages including C#, Java, JavaScript, Python, Perl, PowerShell, and the .NET development frameworks. Full stack experience including MySQL/SQL preferred