Lead Application Security Engineer
Posted on Dec 12, 2018 by Request Technology - Craig Johnson
A prestigious Fortune 500 company is currently seeking a Lead Application Security Engineer. The candidate will be part of a Global Information Security team and will support applications across the globe. An emphasis will be placed on products that help customers monitor critical changes.
- Strong experience in application development (Java EE, Python, web APIs, C++/C#, .Net, and/or Linux Scripting)
- Strong experience with Application Security and Application Penetration Testing
- Strong understanding of a variety of application development architectures, platforms, methodologies, and supporting operating systems
- Strong understanding of web hosting platforms and web services (AWS preferred).
- Working knowledge of remediation methods (OWASP Top 10 at a minimum)
- Understanding of enterprise computing environments, distributed applications, and container technology (Docker preferred)
- Exceptional interpersonal and communication skills
- Familiarity or experience with CI/CD
- Any of the following certifications are desired: GWAPT, GWEB, OSCP, CISSP, CSSLP, or similar advanced security certification
- Conduct tests to evaluate and demonstrate the impact of software misconfiguration and vulnerabilities on in-house applications
- Model attacker behavior and help teams evaluate their resilience to known attack methodologies
- Provide expert level security consultation to project teams, application owners, and general technology teams on relevant security controls and Secure-SDLC process requirements
- Build and monitor systems that ensure application security policies, coding standards, and required security controls are being followed and are appropriately mitigating threats
- Assist with required security education initiatives and foster a security-conscious culture within AppDev teams
- Develop, enhance, and participate, as needed, in the security portion of the Secure-SDLC
- Analyze and provide remediation guidance for identified vulnerabilities; validate and verify remediation implementation
- Participate in and lead Information Security projects to expand AppSec capabilities
- App Security/Pen testing background. Application development that progressed to a Security role will be considered. Cloud and container experience is essential.