Application Security Engineer
*We are unable to sponsor for this permanent Full time role*
*Position is bonus eligible*
Prestigious Financial Institution is currently seeking an Application Security Engineer. Candidate will help secure software development initiatives, projects, and operations with implementation of security best practices in the software development life cycle (SDLC), guiding application teams in the secure development of custom applications, and integrating custom and commercial software with security infrastructure to support the confidentiality, integrity and availability of enterprise applications.
Responsibilities:
Application Security Testing - The use and maintenance of cloud and self-managed security scanning tools, manual source code reviews, and manual penetration assessments.
Vulnerability Management - The cataloging, reviewing for false positives and mitigations, threat and risk assessments, and life cycle management through remediation according to SLAs of application vulnerabilities.
Release Management - Ongoing reviews of application releases to ensure only secure and reviewed code is pushed to prod, with automation tasks as necessary.
CI/CD pipeline - Develop scripts to integrate Security tools into the Jenkins pipeline and assist development teams with interpreting results from pipeline vulnerability verification reports to facilitate vulnerability remediation.
Documentation - Perform administrative and regulatory control activities including development of process and procedural documentation and gathering evidence for audits.
Process Improvement - Continually enhance current practices, assess current toolset, and help implement new tools and processes to enhance current security coverage.
Qualifications:
Excellent oral and written communication and analytical skills to successfully analyze and communicate complex problems and solutions.
Organized, curious, persistent, and service-oriented.
Programming knowledge and coding experience, particularly Python and Java
Basic understanding of system development life cycle
Prefer basic knowledge of CI/CD pipelines (Jenkins)
Prefer knowledge of IAC and containers
Prefer knowledge of Security control frameworks (RMF, CSF)
General knowledge of Scripting languages (Python, etc.)
Experience performing application security manual penetration tests and familiarity with pen-testing tools (e.g., Burp Suite, Kali Linux, Postman)
Knowledge of security architecture design and principles including confidentiality, integrity, and availability.
Experience with using or reviewing output of automated code scanning tools and development pipeline tools
Understanding of security concepts and practices, including those for authentication, authorization, access control and auditing as well as best practices (e.g., OWASP).
Familiarity with application frameworks and their built-in security services and APIs (e.g., Sun J2EE, MS .NET, OMG CORBA, Spring, etc.)
Familiarity with application authentication and authorization systems (e.g., CA SiteMinder, RSA SecurID/ACE, NS Active Directory and LDAP)
General knowledge of cryptography (symmetric and asymmetric encryption, digital signatures, message digests, certificates, PKI, SSL/TLS, etc.)
Fundamental understanding of network and data communications technologies
Knowledge of security in Cloud concepts
Knowledge of Secure DevOps concepts
Professional network and/or security certifications a plus (e.g., GIAC, CISSP, CISA, CISM, CRISC)
Cloud security/automation certifications a plus (e.g., GCSA, AWS Cloud Practitioner or beyond)
Penetration testing certifications a plus (e.g., OSCP, GWAPT, Burp Suite Certified Practitioner)
Preferred Skills:
- Experience or relevant training in Terraform and cloud platforms such as AWS
- Experience with Java programming including Java Servlets, JSP, J2EE, Spring.
- Experience with J2EE applications and infrastructure including IBM WebSphere Application Server, WebSphere Portal, BEA WebLogic solutions and development.
- Experience with agile methodologies and Jira
- Degree in Cyber Security, Engineering, Mathematics, Computer Science, or a combination of education and relevant experience.
- Training or experience in Web App or Network pentesting
- Training in cloud (e.g., AWS Cloud Practitioner or Certified Cloud Security Professional)
- 5+ years' experience working with Secure DevOps or a development pipeline and release management
Reference: 2678388499
Posted on Nov 13, 2023 by Request Technology - Craig Johnson