Description

REQUIRED EXPERIENCE:

7+ years of experience in application security roles with increasing responsibility, including leadership responsibilities.
5+ years of experience in an enterprise technology environment, with responsibilities across operations, networking, systems and infrastructure architecture, or other applicable technical areas.
Prior development experience in Java or C#
3+ years of experience in a Security Operations Center or Continuous Monitoring role
3+ years of experience in Web Application Security, SSDLC and Threat Modelling.
Prior hands-on experience with software development in Java / C# / C++.
Experience with a variety of Continuous Monitoring and vulnerability scanning tools
Must have hands-on infrastructure security skills including IDS/IPS, firewall, SIEM, server and OS hardening, malware detection, physical security, transport and at-rest encryption on file systems, DB, and other data persistence mechanisms.
Experience in managing application security testing tools like SAST, DAST and Open Source Vulnerability Scanning
Prior experience implementing SOX, PCI, ISO, NIST 800-53, NIST CSF,
SonarQube, Snyk, Qualys, Wiz.
DEEP understanding of OWASP Top 10 and CWE 25, with a proven track record and experience in implementing and integrating remediation strategies.
Excellent written and verbal communication skills — including the ability to effectively communicate security- and risk-related concepts to technical and nontechnical audiences — and strong interpersonal and collaborative skills
Self-motivated; able to work independently; able to negotiate and bring consensus to diverse priorities of product development and solution teams
Strong preference for credentials from ISC2, SANS, ISACA, or other recognized security professional credentialing organizations.
Bachelor's degree in information systems, engineering or equivalent work experience, preferably Information System management / Computer Science / Information Security or a related technical discipline.
 

Education

Any Graduate