Application Security Engineer

Remote: Full Remote

Offer summary

Qualifications:

  • 8 to 10 years of experience in application security engineering.
  • Proficiency in programming languages such as Java, C++, Python, and .NET.
  • Deep knowledge of security architectures, protocols, and standards, along with relevant certifications like CISSP or CSSLP.
  • Experience with security tools for code reviews and application vulnerability scanning.

Key responsibilities:

  • Design and implement security solutions for applications and systems in collaboration with software developers.
  • Conduct security reviews, identify gaps, and develop risk management plans.
  • Train team members on security practices and ensure secure coding standards are followed.
  • Evaluate security architectures and ensure compliance with cybersecurity guidelines.

Diverse Lynx Large http://www.diverselynx.com
1001 - 5000 Employees

Job description

Job title: Application Security Engineer

Job Location/Work Model: US-Remote

Top Qualifications:

1. SAST, DAST, OSS

2. Secure Coding, OWASP Top 10

3. Tools like Checkmarx, Fortify, Coverity, GitLab, etc.

Job Summary:

The contracted Application Security Engineer will be responsible for designing and implementing security solutions for specific applications and systems. This role demands close collaboration with software developers to ensure applications are secure and compliant with relevant security standards.

Experience: 8 to 10 years

Required Skills:

• OWASP ZAP

• Security Practices: OWASP Top 10

• HCL AppScan

Shift: Day

Responsibilities:

• Secure Configuration Management: Employ secure configuration management processes.

• Consistency with Cybersecurity Guidelines: Ensure that acquired or developed system(s) and architecture(s) are consistent with the organization's cybersecurity architecture guidelines.

• Business Function Prioritization: Identify and prioritize critical business functions in collaboration with organizational stakeholders.

• Security Reviews and Risk Management: Perform security reviews, identify gaps in security architecture, and develop a security risk management plan.

• Impact Analysis: Define and document how the implementation of a new system or new interfaces between systems impacts the security posture of the current environment.

• Security Evaluation: Evaluate security architectures and designs to determine the adequacy of security design and architecture.

• Security Control Documentation: Determine the protection needs (i.e., security controls) for the information system(s) and network(s) and document appropriately.

• Define Security Patterns: Create security patterns, providing frameworks or templates for addressing recurring cybersecurity issues.

• Collaboration with Developers and Operations: Work closely with both developers and operations teams to ensure the deployment of secure solutions.

• Stay Updated with Security Trends: Remain current with new security vulnerabilities, threats, and industry developments to ensure that security solutions and protocols are up to date.

• Training and Development: Train other team members and developers on current security practices and potential threats.

• Infrastructure Security Design: Collaborate with the infrastructure architect to design a secure environment.

• Okta Integration: Assess and ensure the secure integration and configuration of Okta for identity and access management within the organization's applications.

• Illumio Segmentation: Analyze and define security boundaries using Illumio for network segmentation to protect sensitive data and reduce attack surfaces.

• Code Review: Conduct thorough reviews of application code to identify and remediate security vulnerabilities, ensuring the codebase adheres to best security practices.

• Incorporate Security Patterns: Ensure that established security patterns and protocols are effectively incorporated into the application development process to maintain robust security standards.

• Secure Coding Practices: Implement best practices for secure coding and advise development teams on mitigating security issues in their code.

Skillset Required:

An exceptional Application Security Engineer candidate should possess the following skills:

1. Proficiency in several programming languages (Java, C++, Python, .NET, etc.)

2. Understanding of Secure Software Development Life Cycle (SDLC)

3. Deep knowledge of security architectures, protocols, and standards

4. Skill in risk identification and application threat modeling

5. Experience using security tools for code reviews and application vulnerability scanning

6. Proficiency in encryption methods and standards

7. Ability to design, test, and implement secure applications

8. Broad knowledge of system infrastructure, software, and hardware

9. Relevant certifications like CISSP, CSSLP, or CISM

10. Excellent communication skills to simplify complex security concepts

11. Experience integrating systems with APIs and interacting with SaaS solutions

12. Experience with cloud services from AWS, Azure, and Google

13. Experience with SSO integrations and modern authentication methods

14. Knowledge of data security methods, tokenization, encryption, and secure communications







Diverse Lynx LLC is an Equal Employment Opportunity employer. All qualified applicants will receive due consideration for employment without any discrimination. All applicants will be evaluated solely on the basis of their ability, competence and their proven capability to perform the functions outlined in the corresponding role. We promote and support a diverse workforce across all levels in the company.

Required profile


Spoken language(s):
English

Other Skills

  • Collaboration
  • Communication
  • Problem Solving
