NTD Software is hiring a
Application Security Engineer

Summary

As an Application Engineer, you will work closely with cross-functional Agile teams to ensure the security of applications throughout the SDLC. You will report directly to the Information Security Application Security Team and act as a liaison and subject matter expert aligning efforts across the broader security strategy.

Requirements

• 1+ years of experience in a software development role such as Software Developer, Architect, Software Quality Assurance, or Application Security Engineer with a good understanding of application security
• Knowledge of web application (SaaS) design best practices and secure software development
• Familiarity with relevant security standards, regulations, and frameworks (e.g., OWASP, NIST, ISO 27001)
• Experience with SOAP and REST APIs
• 1+ years of experience completing application security testing engagements and reports
• Solid knowledge of common web application security vulnerabilities, secure coding principles, and secure development frameworks
• Demonstrated ability to work collaboratively within a team and across departments to achieve common security goals
• Strong problem-solving skills and the ability to think critically under pressure
• Self-motivated, proactive, and able to work independently with minimal supervision

Responsibilities

• Partner with enterprise and solutions architects, software engineers, product owners, DBAs and QA engineers to ensure adequate security is in place throughout the SDLC
• Collaborate with Agile teams throughout the software development lifecycle to integrate security requirements, perform risk assessments, and address security issues
• Provide guidance and support to Agile teams on secure coding principles, security frameworks, and OWASP Top 10 vulnerabilities
• Conduct threat modeling exercises with Agile teams to identify potential security threats and recommend appropriate mitigation strategies
• Plan, coordinate, and execute security testing activities, including penetration testing, vulnerability scanning, and security assessments
• Assist in incident response activities related to application security incidents and contribute to post-incident reviews to improve security measures
• Promote security awareness within Agile teams by organizing workshops, training sessions, and providing timely security updates
• Maintain accurate and up-to-date security documentation, including security guidelines, standards, and procedures, to ensure compliance with industry regulations
• Continuously monitor and assess the security posture of applications, propose enhancements, and drive the implementation of security improvements
• Identify and communicate potential security risks and vulnerabilities to the Information Security Application Security Team, helping in the formulation of risk management strategies
• Foster a collaborative and productive working relationship with Agile teams, sharing knowledge and best practices to improve overall security awareness and practices
• Evaluate and recommend security tools, solutions, and technologies that align with the organization's security goals

Preferred Qualifications

• Bachelor's degree in Computer Science, Information Security, or a related field. Relevant certifications (e.g., CISSP, CISM, CSSLP) are a plus
• Experience with security testing tools and techniques (e.g., SAST, DAST, IAST) to identify and remediate security issues
• Strong understanding of Agile software development methodologies and experience working closely with Agile development teams
• Knowledge of .NET 4.0+ and Core, MVC 4/5, and Entity Framework
• Excellent communication and interpersonal skills, with the ability to convey complex security concepts to technical and non-technical stakeholders

Benefits

Knowledge of DevSecOps practices and experience with CI/CD pipelines is desirable