Application Security Engineer

EnergySolutions

💵 $94k-$119k
📍 Remote - United States

Summary

Join Energy Solutions, a growing company focused on market-based programs for energy and water savings, as an Application Security Engineer. You will perform day-to-day application security and compliance activities, collaborating with multiple business units. Professionalism and high ethical standards are essential. This role involves managing security tasks in the SDLC, collaborating with developers, and recommending security improvements. You will also manage security components in various platforms and tools, train IS staff, and ensure compliance with relevant frameworks like SOC 2 and NIST 800-53. The position offers a competitive salary and a generous benefits package.

Requirements

  • Minimum 3 years of hands-on application security experience, including secure SDLC integration, design review, best practices and vulnerability identification/remediation
  • Minimum 3 years hands-on experience securing web application frameworks and applications
  • Minimum 3 years of experience with security frameworks: NIST 800-53 / SOC 2

Responsibilities

  • Manage security-related tasks in the SDLC to ensure that software development activities remain in compliance
  • Interpret, justify, explain and review compliance-related changes and requirements for our code base leads
  • Collaborate with software developers and code base leads
  • Be the bridge between the technical requirements from the business (i.e. Security, Privacy, Compliance)
  • Participate as a SME in security architecture including new designs and design review
  • Recommend application security improvements based on best practices, OWASP standards and other web application security frameworks
  • Actively review architecture and compliance-related code changes
  • Manage and maintain API Security including vulnerability scans and best practices
  • Manage security components of the Mendix web development platform
  • Manage security components in Django
  • Manage scans and findings from Static Code Analysis tools such as GitHub Advanced Security
  • Train and educate IS staff on security best practices including OWASP Top 10
  • Ensure compliance with policies and standards such as secure separation of environments
  • Manage and maintain all security-related tickets, including recommendations, testing and validation
  • Security Compliance (SOC 2 and NIST 800-53 control implementation and maintenance)
  • Scan and remediate vulnerabilities
  • Monitor and maintain compliance with SOC 2, NIST 800-53 and other required frameworks
  • Security representative for Configuration Change Control
  • Verification of implemented security controls
  • Standards, Processes and Tools for Security compliance
  • Criticality Analysis and Impact Analysis of security-related changes
  • SIEM - Ongoing security monitoring including Datadog, application logs, CloudWatch and other systems
  • AWS
  • Manage and maintain security in AWS, including IAM policies, permissions, security groups and security monitoring
  • Maintain Web Application Firewall and associated rules to protect applications and systems
  • Manage and monitor Database Security (RDS, Postgres, Redshift), including reviewing logs, validating permissions and making security recommendations

Preferred Qualifications

  • Excellent verbal and written communication skills
  • Strong organizational skills and attention to detail
  • Strong analytical and problem-solving skills
  • Ability to prioritize tasks according to severity
  • Ability to adapt to the needs of the organization
  • Experience with Django/Python preferred
  • Proficient in AWS security services (i.e. CloudWatch, GuardDuty)
  • Excellent interpersonal and negotiation skills
  • Excellent organizational skills and attention to detail
  • Excellent time management skills with a proven ability to meet deadlines

Benefits

  • Medical, dental and vision insurance
  • Other pre-tax contribution plans
  • Employee Stock Ownership Plan (ESOP)
  • Generous retirement package
