We have an opening for a Senior Application Security Engineer.
The Senior Application Security Engineer will serve as subject matter expert integrating secure design for applications and services within the system development lifecycle. This position collaborates with business units, project management, and engineering teams to deliver secure solutions.
Qualified candidates will have a background in cybersecurity or systems engineering.
In this capacity, the Senior Application Security Engineer will:
- Perform security architecture and design reviews of applications and services;
- Integrate security tasks and activities into system development methodologies (e.g. planning, design, implementation, operations, maintenance, and disposal); and
- Perform validation of security controls to ensure consistency with industry standard methodologies.
In addition, the Senior Application Security Engineer will be expected to have experience with the following areas of responsibility:
- Partner with engineering on development, implementation, and monitoring of security controls for the protection of applications, services and highly sensitive data;
- Perform vendor technical solution acceptance verification and validation;
- Develop technical solutions and new security tools to help mitigate security vulnerabilities and automate repeatable tasks;
- Assess gaps in existing policy and propose amendments to existing policy or new policy to address these gaps;
- Write comprehensive reports including assessment-based findings, outcomes and propositions for further system security enhancement;
- Building threat models for enterprise applications to identify attack vectors and threats;
- Collaborate with engineers, consultants and leadership to address security risks and provide mitigation recommendations within SDLC; and
- Provides guidance and support to self-testing, security control assessment, preparation of remediation plans, and development of continuous monitoring plans.
- Minimum of twelve years of experience (10 years of experience with cybersecurity or information assurance preferred);
- BS degree in Computer Science or related field;
- Strong communication skills with ability to articulate and translate security and risk management terminology in business terms;
- Thorough understanding of the latest security principles, techniques, and protocols;
- Detailed technical knowledge of cloud security, application security, mobile security, and secure development methodologies;
- Hands on experience with security systems, including vulnerability management, identity and access management, security risk assessments, application testing, SAST/DAST, etc.; and
- Strong proven experience providing secure design guidance for diverse application.