Remote Application Security Engineer

Summary

Join our team as an Application Engineer and play a vital role in ensuring the security and integrity of our applications, systems, and data. Working closely with cross-functional Agile teams, you will report to the Information Security Application Security Team. Your responsibilities include partnering with various teams to integrate security requirements, conduct threat modeling, and perform security testing. You will also provide guidance on secure coding principles and promote security awareness. This role requires experience in software development and application security, knowledge of security standards, and strong problem-solving skills. A bachelor's degree and relevant certifications are preferred.

Requirements

• Be fluent in English
• Have 1+ years of experience in a software development role such as Software Developer, Architect, Software Quality Assurance, or Application Security Engineer with a good understanding of application security
• Possess knowledge of web application (SaaS) design best practices and secure software development
• Have familiarity with relevant security standards, regulations, and frameworks (e.g., OWASP, NIST, ISO 27001)
• Have experience with SOAP and REST APIs
• Have 1+ years of experience completing application security testing engagements and reports
• Possess solid knowledge of common web application security vulnerabilities, secure coding principles, and secure development frameworks
• Demonstrate the ability to work collaboratively within a team and across departments to achieve common security goals
• Possess strong problem-solving skills and the ability to think critically under pressure
• Be self-motivated, proactive, and able to work independently with minimal supervision

Responsibilities

• Partner with enterprise and solutions architects, software engineers, product owners, DBAs and QA engineers to ensure adequate security is in place throughout the SDLC
• Collaborate with Agile teams throughout the software development lifecycle to integrate security requirements, perform risk assessments, and address security issues
• Provide guidance and support to Agile teams on secure coding principles, security frameworks, and OWASP Top 10 vulnerabilities
• Conduct threat modeling exercises with Agile teams to identify potential security threats and recommend appropriate mitigation strategies
• Plan, coordinate, and execute security testing activities, including penetration testing, vulnerability scanning, and security assessments. (Experience with Dynamic Application Testing)
• Assist in incident response activities related to application security incidents and contribute to post-incident reviews to improve security measures
• Promote security awareness within Agile teams by organizing workshops, training sessions, and providing timely security updates
• Maintain accurate and up-to-date security documentation, including security guidelines, standards, and procedures, to ensure compliance with industry regulations
• Continuously monitor and assess the security posture of applications, propose enhancements, and drive the implementation of security improvements
• Identify and communicate potential security risks and vulnerabilities to the Information Security Application Security Team, helping in the formulation of risk management strategies
• Foster a collaborative and productive working relationship with Agile teams, sharing knowledge and best practices to improve overall security awareness and practices
• Evaluate and recommend security tools, solutions, and technologies that align with the organization's security goals

Preferred Qualifications

• Have a Bachelor's degree in Computer Science, Information Security, or a related field
• Have relevant certifications (e.g., CISSP, CISM, CSSLP)
• Have experience with security testing tools and techniques (e.g., SAST, DAST, IAST) to identify and remediate security issues
• Possess a strong understanding of Agile software development methodologies and experience working closely with Agile development teams
• Have strong knowledge of .NET 4.0+ and Core, MVC 4/5, and Entity Framework
• Possess excellent communication and interpersonal skills, with the ability to convey complex security concepts to technical and non-technical stakeholders
• Have knowledge of DevSecOps practices and experience with CI/CD pipelines