Application Security Engineer

Job Description:

• At least 2 years of experience in a relevant DevSecOps role and technical degree in computer / information science; or
• At least 4 years of experience in a relevant DevSecOps role; or
• At least 6 years of related field work experience, at least 1 year of which in a software development role, and at least 1 of which in a cyber security role and technical degree in computer / information science; or
• At least 8 years of relevant field experience, at least 1 year of which in a software development role, and at least 1 year of which in a cyber security role.
• Demonstrated experience working with technical and non-technical staff.
• Knowledge of application security, software development, and cyber security concepts.
• Basic knowledge of a broad range of IT, Security, Controls and Service Delivery standards and frameworks for example, International Standards Organization (ISO) 27001, IT Infrastructure Library (ITIL), Control Objectives for IT (CoBIT), and Capability Maturity Model Integration (CMMI).
• Experience with Amazon Web Services (AWS), Google Cloud Platform (GCP), Microsoft Azure or other cloud platforms, with experience in developing and implementing software.
• Experience developing software in various coding languages such as Java, C#, PHP, etc.
• Demonstrated knowledge of web applications, cyber security, and open-source technologies.
• Safety is an essential function of this job.
• Consistent and regular attendance is an essential function of this job.
• Ability to execute multiple projects and tasks under tight deadlines.
• Provide off-hours support on an infrequent, but as needed basis. (Potential shifts may run 24/7 due to the needs of the business).
• Strong interpersonal skills with the ability to communicate effectively with guests and other Team Members of different backgrounds and levels of experience.
• Must be able to work varied shifts, including nights, weekends, and holidays.

Additional Experience Recommended

• Professional certification in multiple programming languages (C#, .NET, Java, etc.) recommended.
• Professional certifications in cyber security (CISSP, OSCP, etc.) recommended.
• Experience with CI/CD and pipeline tools such as Jenkins, Docker, Kubernetes, and others.
• Knowledge of cloud platforms and services, with experience in cloud security.
• Experience with automated software and security testing tools and techniques.
• Ability to stay updated with the latest industry trends and advancements in cybersecurity.
• Understanding of enterprise software development practices.
• Experience working with software development teams.
• Experience identifying cybersecurity vulnerabilities and weaknesses in software.
• Experience reading, writing, and auditing software in multiple programming languages.
• Strong familiarity with common vulnerabilities and attack vectors.
• Knowledge of common encryption technologies (AES, PGP, SSH, SSL, etc.).
• Knowledge of common authentication protocols (OpenID Connect, OAUTH, SAML, RADIUS, LDAP, KERBEROS, etc.).
• Previous work experience as an Application/Product Security Engineer or Software Developer.
• Experience integrating security testing into an SDLC.
• Experience with incident response and handling methodologies.
• Experience with security technologies such as intrusion detection/prevention systems (IDS/IPS), firewalls, SIEM, etc.