MaxJobsClub US Contractor
This position will report to the Director of Information Security and is responsible for leading the Application Security program. This individual will be the primary liaison between Information Security and Applications Development, ensuring ongoing communication, education and security testing across the teams. The Application Security Engineer is the organization’s primary application security expert to ensure client and server-side software implementations are designed and implemented using the best security practices. This role will also be expected to help ingrain secure software development practices into the culture of the organization.
Key Responsibilities:
- Align with and support the execution of the Information Security program’s vision and strategy
- Formalize and evangelize secure software development lifecycle (SSDLC) practices
- Define security requirements within the SSDLC to communicate security requirements based on data classification.
- Serve as a technical point of contact for product teams as it relates to automation, CI/CD, and Application Security Operations
- Design and implement security features across a variety of application and OS platforms
- Perform regular web and mobile application assessments to identify vulnerabilities and collaborate with stakeholders to remediate.
- Perform regular reviews to ensure SSDLC is being followed
- Define technical and functional requirements covering areas of software design, including microservice APIs, Cloud Services (Azure, AWS, etc.), and XaaS integration
- Regularly monitor and respond to events in Azure Security Center
- Perform software reviews, analyze security flaws and risks, and influence product designs.
- Perform formal threat model analysis on multiple client and server-side software programs.
- Work with validation teams to determine the best methods to test product security. Be familiar with penetration testing and, in some cases, design and perform your own penetration tests.
- Investigate reported security incidents on our software and act as the communication point for executive updates in those situations.
- The role requires a practical view of the trade-offs of security and needs to be able to find acceptable compromises in terms of cost, schedule, and features.
- Serve as an information security subject matter expert and trusted advisor by providing advisory and consulting services as required
- Understand current and emerging security threats and partner with architecture to mitigate threats
- Stay abreast of new security technologies and integrate them into security design when appropriate
Required Experience:
- Bachelor’s degree in Computer Science or related field, or demonstrated equivalent experience required
- 3-5 years of experience in software development and/or design.
- 2-3 years of experience in application security and/or leading secure coding development
- Coding experience with .NET, Java, JavaScript, and/or Python required. Windows development experience required. This role requires the ability to identify code security flaws across multiple platforms.
- Experience designing and implementing Container Security, API Security, and Azure Cloud Security.
- Strong knowledge of containerization technologies such as Kubernetes, OpenShift, and Docker
- Experience in encryption and authentication methodologies.
- Experience reviewing vulnerability assessments and code security reviews.
- Experience with security technologies and assessment tools.
- Deep understanding of OWASP Top 20, CWE 25, Data Protection
- Basic familiarity with waterfall and agile development processes, and experience integrating secure development practices into both models.
- Deep knowledge and experience in using SAST, DAST and fuzz testing tools
- Basic understanding of application, network, operating system, and core infrastructure security concepts and concerns
- Understanding of emerging technologies in IT, such as cloud platforms and mobile BYOD, as well as the associated security risks
- Certification or willingness to attain certification within 18 months; CISSP or CSSLP certifications preferred.
- Strong analytical and problem-solving skills.
- Ability to meet established deadlines; must be a self-starter and be able to work independently as well as being a team player
- Excellent communication and presentation skills, with the ability to present ideas in a collaborative team setting and in user-friendly language
- Ability to multitask
- Must be able to react quickly and efficiently to production issues
- Strong facilitation skills and a clear ability to build strong relationships with business stakeholders at all levels, including senior managers and suppliers
- Energy and a clear passion for the role
- Demonstrated personal values aligned with our servant leadership tenets
- Must be able to successfully pass a background check