***** Direct Client Requirement*****
Title : Application Security Engineer
Location : Addison, TX
Rate : DOE /If your experience and skills match call us immediately for submission
Duration : 6-Months
Interview Type : Skype or Phone
Work Status : Successful applicants must be legally authorized to work in the U.S.
Job Type : C2C, C2H, W2
Experience : 6+ YEARS
Prefer W2 : U S C/ G C /H1B Transfer/OPT/CPT/H4 EAD and other US work authorization are accepted
This position will report to the Director of Information Security and is responsible for leading the Application Security program. This individual will be the primary liaison between Information Security and Applications Development, ensuring ongoing communication, education and security testing across the teams. The Application Security Engineer is the organization’s primary application security expert to ensure client and server-side software implementations are designed and implemented using the best security practices. This role will also be expected to help ingrain secure software development practices into the culture of the organization.
Align with and support the execution of the Information Security program’s vision and strategy
- Formalize and evangelize secure software development lifecycle practices (SSDLC)
- Define security requirements within the SSDLC to communicate security requirements based on data classification.
- Serve as a technical point of contact for product teams as it relates to automation, CI/CD, and Application Security Operations
- Design and implement security features across a variety of application and OS platforms
- Perform regular web and mobile application assessments to identify vulnerabilities and collaborate with stakeholders to remediate.
- Perform regular reviews to ensure SSDLC is being followed
- Define technical and functional requirements covering areas of software design, including microservice APIs, Cloud Services (Azure, AWS, etc.), and XaaS integration
- Regularly monitor and respond to events in Azure Security Center
- Perform software reviews, analyze security flaws and risks, and influence product designs.
- Perform formal threat model analysis on multiple client and server-side software programs.
- Work with validation teams to determine best methods to test product security. Familiar with penetration testing and in some cases, can design and perform your own penetration tests.
- Investigate reported security incidents on our software and act as the communication point for executive updates in those situations.
- The role requires a practical view of the trade-offs of security and needs to be able to find acceptable compromises in terms of cost, schedule, and features.
- Serve as an information security subject matter expert and trusted advisor by providing advisory and consulting services as required
- Understand current and emerging security threats and partner with architecture to mitigate threats
- Stay abreast of new security technologies and integrate into security design when appropriate
Bachelor’s degree in Computer Science or related field, or demonstrated equivalent experience required
- 3-5 years of experience in software development and/or design.
- 2-3 years of experience in application security and/or leading secure coding development
- Experience designing and implementing Container Security, API Security, and Azure Cloud Security.
- Strong knowledge of Containerization technologies such as; Kubernetes, OpenShift, Docker
- Experience in encryption and authentication methodologies.
- Experience reviewing vulnerability assessments and code security reviews.
- Experience with security technologies and assessment tools.
- Deep understanding of OWASP Top 20, CWE 25, Data Protection
- Basic familiarity with waterfall and agile development processes and have experience integrating secure development practices into both models.
- Deep knowledge and experience in using SAST, DAST and fuzz testing tools
- Basic understanding of application, network, operating system, and core infrastructure security concepts and concerns
- Understanding of emerging technologies in IT such as a Cloud Platform and Mobile BYOD as well as the associated security risks
- Certification or willingness to attain certification within 18 months, CISSP or CSSLP certifications preferred.
- Strong analytical and problem-solving skills.
- Ability to meet established deadlines; must be a self-starter and be able to work independently as well as being a team player
- Excellent communication and presentation skills, with the ability to present ideas in a collaborative team setting and in a user-friendly language
- Ability to multitask
- Must be able to react quickly and efficiently to production issues
- Strong facilitation skills and a clear ability to build strong relationships with business stakeholders at all levels, including senior managers and suppliers
- Energy and a clear passion for the role
- Demonstrated personal values aligned with our servant leadership tenants
- Must be able to successfully pass a background check
******Referral Bonus Available: Refer your friends or colleagues, get referral bonus******
Apply here or Please send to firstname.lastname@example.org
Pay Rate: DOE/If your experience and skills match call us immediately for submission
Job Duration: 6 Months
% Travel Required: None
Job Posted by: Consulting Services
Job ID: OOJ - 2444
Work Authorization: Successful applicants must be legally authorized to work in the U.S