Description

RESPONSIBILITIES:

  • Proactively identify and resolve security risks, issues and incidents.
  • Evaluate and assess information risk, as well as remediation of identified vulnerabilities within the ecosystem.
  • Report on findings and recommendations for corrective action.
  • Perform assigned vulnerability assessments utilizing enterprise security tools and methodologies.
  • Perform assessments of IT security/risk posture within the IT network, systems and software applications.
  • Drive security mitigation efforts through identification of opportunities to reduce risk and document remediation options regarding risk scenarios.
  • Facilitate and monitor performance of risk remediation tasks.
  • Design security solutions to address security vulnerabilities and weaknesses.
  • Continuously update the monitoring environment and tools in order to provide the correct level of insight into the environment.
  • Technical point of contact/lead for product teams as it relates to automation, CI/CD, and Product Application Security Operations.
  • Build tools and automation scripts that enable developers to easily consume security services delivered by Security Engineering and Automation team.

REQUIRED EXPERIENCE:

  • 7+ years of experience in application security roles with increasing responsibility, including leadership responsibilities.
  • 5+ years of experience in an enterprise technology environment, with responsibilities across operations, networking, systems and infrastructure architecture, or other applicable technical areas.
  • Prior development experience in Java or C#.
  • 3+ years of experience in a Security Operations Center or Continuous Monitoring role
  • 3+ years of experience in Web Application Security, SSDLC and Threat Modelling.
  • Prior hands-on software development experience in Java / C# / C++.
  • Experience with a variety of continuous monitoring and vulnerability scanning tools.
  • Must have hands-on infrastructure security skills including IDS/IPS, firewall, SIEM, server and OS hardening, malware detection, physical security, transport and at-rest encryption on file systems, DBs, and other data persistence mechanisms.
  • Experience in managing application security testing tools like SAST, DAST and Open Source Vulnerability Scanning
  • Prior experience implementing SOX, PCI, ISO, NIST 800-53, NIST CSF.
  • SonarQube, Snyk, Qualys, Wiz.
  • Deep understanding of the OWASP Top 10 and CWE Top 25, with a proven track record and experience in implementing and integrating remediation strategies.
  • Excellent written and verbal communication skills — including the ability to effectively communicate security- and risk-related concepts to technical and nontechnical audiences — and strong interpersonal and collaborative skills
  • Self-motivated; able to work independently; able to negotiate and bring consensus to diverse priorities of product development and solution teams
  • Strong preference for credentials from ISC2, SANS, ISACA, or other recognized security professional credentialing organizations.
  • Bachelor's degree in information systems, engineering or equivalent work experience, preferably Information System management / Computer Science / Information Security or a related technical discipline

Education

Any Graduate