The Application Security Engineer is a hands-on, first-line role responsible for evaluating and enforcing security across the Secure Software Development Life Cycle (SDLC). The Application Security Engineer will conduct code reviews and assess/remediate issues stemming from application security scans using various tools. The position will work closely with IT Development on implementing, executing and improving the security of developed applications, addressing issues that could lead to negative operational, reputational, and/or financial impact. The ideal candidate will have solid experience operating a risk-based penetration testing program, conducting both manual and automated penetration tests to improve application security, and effectively communicating flaws to management as part of risk metrics reporting.
THIS IS A CONTRACT TO HIRE POSITION THAT CAN BE WORKED IN CHARLOTTE, NC, LIVINGSTON, NJ, PASADENA, CA OR JACKSONVILLE, FLORIDA.
Conduct ongoing code reviews and application security scans, identify and interpret flaws, consult and advise development teams on remediation and track issues to resolution in accordance with service level agreements (SLA).
Proactively manage security flaws and engage IT Development to ensure issues are resolved in line with SLAs.
Maintain monthly management reporting supporting this effort.
Perform dynamic/static testing using various tools, provide recommendations and guidance on mitigation and validate issue remediation. Maintain detailed evidence documentation throughout the process.
Review application security and approve application changes as part of the formal Change Management process.
Collaborate with colleagues from Security Architecture & Assurance, Security Operations and IT Development in the testing and remediation process, including resolution of issues stemming from risk assessments and third-party penetration testing.
Participate in the development of security standards and provide recommendations for improving the application security program based on subject matter expertise and industry best practices.
Maintain application security program standard operating procedures in line with applicable Security standards.
Contribute to regulatory, risk assessment and internal audit examinations where required.
5+ years of experience in an application security function working with developers throughout the Secure Software Development Life Cycle.
Ability to identify security vulnerabilities from source code reviews/testing and provide security guidance to development teams.
Strong knowledge of Open Web Application Security Project (OWASP).
Strong knowledge of common application security vulnerabilities (e.g., XSS, CSRF, SQL injection, input/output validation, etc.) and how to engineer software to avoid them.
Expertise in application security testing, static and dynamic analysis.
Prior experience programming in one or more server-side technologies (e.g., ASP.NET) is ideal.
Experience with manual penetration testing and combining it with automated methods/tools.
Familiarity with web application firewalls.
Critical thinker with demonstrated problem-solving skills.
Demonstrated ability to prioritize and successfully manage competing work assignments in a time-sensitive environment.
A high degree of initiative is required, with the ability to work independently or as part of a team.
High level of personal integrity and the ability to professionally handle confidential matters and project the appropriate level of urgency, judgment and maturity.