We are looking for a Senior Application Security Engineer to join our Business Systems Development team. The Senior Application Security Engineer will be responsible for continuously improving and maintaining the application security of our applications. The candidate will provide security guidance and conduct security assessments to ensure the technology platforms within the organization are implemented in accordance with best standards and policies.
The Senior Applicator Security Engineer will report directly to the Sr. VP of Business Systems Development.
Key responsibilities include:
- Provide security reviews of new components/packages/plugins to be brought into use on the platform
- Establish best practices with regards to secure application design and facilitate implementation across the development teams.
- Conduct design and code reviews with a specific focus on application security.
- Provide ongoing security assessments and vulnerability reviews of software currently in operation.
- Perform application penetration testing for sensitive internet facing applications.
- Work closely with Development, Operations, and Info Sec teams to monitor and remediate security incidents.
- Collaborate closely with the development team to integrate and automate security processes into CI/CD pipeline
- Assess and calculate application risk; create and present metrics and summaries.
- Experience with Application Security tools and technologies (Static code analysis, Dynamic scanning, WAF, SSL/TLS, Apache HTTPD, OAUTH2 /Open ID and JWT)
- Experience with scripting languages like Python, Bash, and Java Script.
- Experience with Java programming.
- Knowledge of CI/CD practices.
- Knowledge of Web application architecture and API development practices.
- Experience working with cloud platforms such as AWS, Google Cloud etc. from both a developer and security perspective a plus.
Education and Experience:
- Minimum of a Bachelor's degree or equivalent in Computer Science or Engineering.
- Six or more years of software development experience with security focus or as an Application Security Engineer.
- Information security certifications such as CISSP, CCSP etc. a plus.