• Application Security Engineer

    Job Locations US-FL-HOLLYWOOD
    Job ID
    2018-3600
    # of Openings
    1
    Department
    Information Technology
  • Overview

    The purpose of the Application Security Engineer role is to assist the development and security operations team with application-level security assessments and threat mitigation, perform penetration testing and security code reviews and review application security architecture.

    Responsibilities

    The primary duties and responsibilities of the Application Security Engineer follow:

    • Develop and evangelize secure programming standards
    • Provide guidance to the development and applications teams to proactively address security concerns and ensure that application security architecture, designs, and plans are aligned with information security standards and controls
    • Define and coordinate security requirements within various stages of the system development lifecycle process
    • Validate and address vulnerability / threat findings from static analysis tools
    • Coordinate, schedule and perform routine internal application, network, system and infrastructure penetration testing
    • Perform security reviews of software designs and assist developers to ensure quality and robustness of our internal products
    • Perform overall design review, including protocol checks for security issues
    • Examine communications protocols and data storage mechanisms for security risks
    • Validate, address and document responses to security findings from third-party penetration testing engagements
    • Perform code reviews, application vulnerability testing and penetration testing
    • Conduct security assessments against web applications and APIs across a variety of technology stacks
    • Ensure adequate security requirements and privacy by design are built in to all architecture/infrastructure/projects
    • Perform other security team relevant duties and responsibilities as assigned

    Qualifications

    Bachelor’s degree preferred in Computer Sciences, Information Technology, Information Security or other related field
    Five (5) years of related work experience, which includes two (2) years of practical experience in security incident management and response and two (2) years of practical experience in threat modeling, penetration testing and/or secure application development
    Direct experience with secure application development and application security risk mitigation techniques
    Knowledge of OAuth/OpenID Connect and JSON Web Token (JWT) highly desired
    Knowledge of web application attacks and defense strategies including those found in the OWASP Top 10 and mobile Top 10
    Passionate about Application Security with any combination of the following: secure coding, experience securing platform web APIs, code debugging, software development, system administration and network security, penetration testing (app and network), implementation of secure application architectures, cryp0toigraphy and key management, authentication and control of application permissions
    At least one industry standard certification such as Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified Fraud Examiner (CFE), or SANS GIAC Certifications such as GWAPT, GPEN, GCIA, GWEB, GSSP
    Have an understanding of OS concepts such as scheduling, interrupt handling, virtualization of computing resources
    Demonstrate an understanding of programming and scripting skills
    Familiar with application security tools such as Rapid7, Core Impact, BurpSuite Pro, OWASP ZAP, Nmap, Nessus, Metasploit, Kali Linux
    Experience with an interpreted programming language (PHP, Python, Perl, Ruby, Java, Node.js, JavaScript, etc)
    Comfortable working independently but able to escalate problems as necessary
    Willing to guide and mentor fellow team members
    Can write code and documentation
    Can effectively use git and understand common SCM workflows

     
    Additional Skills:
    Team player able to work effectively at all levels of an organization with the ability to influence others to move toward consensus
    Clear ability to build strong relationships and establish trust with stakeholders at all levels.
    Excellent verbal and written communications skills – effecting communicator who engages well with technical and non-technical audiences alike
    Strong leadership skills with demonstrated ability to prioritize and execute in a methodical and disciplined manner
    Ability to solve complex problems in a timely manner by working with multiple stakeholders
    Ability to manage multiple tasks and work streams effectively
    Ability to follow detailed procedures and processes with a high degree of accuracy.
    Customer-focused mindset, with demonstrated skill in managing expectations, providing proactive status updates, and producing high-quality work product
    Experience managing project through the full system development lifecycle
    Multiple language abilities preferred – fluency in English (written and spoken) required
    Flexibility to travel as required up to 25% overnight travel

    Options

    Sorry the Share function is not working properly at this moment. Please refresh the page and try again later.
    Share on your newsfeed