Application Security Engineer

Duties:PI Security responsibilities:• Defines specifications and develop code and utilities, modifies existing programs, prepares test data, and prepares functional specifications.• Establishes, participates, and maintains relationships with customers and subject matter experts to remain apprised of direction, architectural and technology trends, risks, and functional/integration issues.• Analyzes, designs, develops, codes and implements programs in one or more programming languages, for Web and Rich Internet Applications. Create various automated security integration solutions.• Work with the API Management platforms to develop APIs, Products, Plans, etc. and test them.• Develop UI and API functionality in languages including, but not limited to JavaScript, TypeScript and python.• Work with application development personnel and other technical team members to review existing and/or new APIs/web services in support of quality implementations that align with Security policies, procedures, and generally-accepted best practices.• Work closely with DevOps and cloud infrastructure architects and engineers to design, implement and manage secure, scalable, and reliable cloud infrastructure environments• Participates as a technology advisor to collaborate with Agile squads to deliver business benefits with effective and efficient use of technology Platform(s)• Ensures teams are validating for OWASP and performing industry leading application security practices.• Performs application program interface security assessments and remediation activities as part of the API security program.• Leverages the enterprise SSDLC processes and toolset.

Skills:• Bachelor's degree in Computer Science, Computer Engineering, Technology, Information Systems (CIS/MIS), Engineering or related technical discipline, or equivalent experience/training• 2 years of experience working as a frontend or backend software developer• API: Experience with HashiCorp Vault APIs, Cloud APIs and API gateway• Experience as a developer on a team consisting of five or more software developers• Ability to conduct independent research• Broad understanding of web service implementation paradigms (REST, SOAP)• Basic understanding of Cryptography concepts: hashing, signing, symmetric/asymmetric encryption and decryption• Basic understanding microservice application architecture, software cohesion and software coupling• Comfortable learning new programming languages as needed to conduct code reviews• Comfortable with the following tools and technologies: Git, SoapUI, Jenkins, Artifactory, SonarQube, Find Bugs, Docker Experience with deploying and configuring API scanning tools• Experience in Identity and access management concepts and technical specifications• Experience creating continuous integration pipelines (Cloud bees, Jenkins, Buddy, Urban Code, etc.)• Experience using integrated development environments (e.g. Visual Studio, Visual Studio Code, Eclipse)• Experience with Azure Resource Manager (ARM) and scripting tools, including PowerShell, Azure CLI, JavaScript, Shell scripts, Python, or similar languages.• Experience developing solutions that combine data from APIs, endpoints, and databases• Outstanding communication, analytical skills and ability to function in a globally diverse work environment• Experience working within an agile team (Scrum, Rally, etc.)• Familiarity with OWASP and the San's Top 25

Education and Experience:• Bachelor's degree in Computer Science or related field or equivalent experience/certification• API security 1 year• 2 years working as a Security Engineer• 1-year experience developing automation solutions in Python, Java or PowerShellbility to analyze complex problems and implement solutions and/or workarounds• Familiarity with NIST Special Publications (e.g. 800-171,800-53, CSF)
#J-18808-Ljbffr