Remote Senior Information Security Applications Engineer

Summary

Join Talentus as a Senior Information Security Applications Engineer to work closely with our Engineering team on secure SDLC activities, participate in security operations, and contribute to the design, planning, and implementation of security-related projects.

Requirements

• Five years of experience in software development, engineering, or architecture
• Substantial professional experience focused on security
• Deep understanding of web application architecture design, software development, and related security concepts, including secure coding patterns, OWASP, data flows, authentication, and data protection
• Exceptional communication and collaboration skills
• Ability to shape and support secure practices carried out by others
• Experience with threat modeling methodologies, ideally STRIDE
• Ability to integrate security principles and techniques such as IAM, penetration testing, defense in depth, and change management into development processes
• Proficiency in several coding languages and the ability to quickly learn and apply security concepts to new languages
• Experience with relational database design and SQL query language
• Solid organizational skills and ability to prioritize tasks
• Ability to thrive in a fast-paced, constantly changing environment
• High level of integrity, trustworthiness, and ethics

Responsibilities

• Interact with the Engineering team on secure SDLC activities: Manage and mature the application security program through direct interactions
• Work with architects and engineers to review and design security requirements
• Interact with sprint teams on security-related issues, such as secure code reviews, threat modeling, coding patterns, and security awareness
• Determine and report on secure SDLC metrics
• Participate in security operations activities: Review patch and vulnerability notifications as issued
• Conduct vulnerability discovery, validation, and remediation tracking
• Collaborate with IT teams to design remediations and shepherd them through to completion
• Monitor and review indicators of compromise from various systems
• Contribute to the design, planning, and implementation of security-related projects
• Write, review, and update security documentation and respond to audit requests

Preferred Qualifications

• At least one security-focused certification related to skillset and experience
• Technical experience with Windows and Linux operating system security configuration
• Understanding of network architecture, including cloud-related security concepts, concerns, and technologies
• Experience implementing governance models such as NIST CSF or ISO 27001
• Experience with Agile project management techniques
• Financial industry experience
• Experience with regulated environments such as PCI, HIPAA, GLBA, SOX, FFIEC

Benefits

• Contractor model
• 100% remote
• Salary in USD
• Paid vacations
• Day off for birthdays
• Benefits for courses and/or certifications