The Application Security Engineer will be a part of the Cybersecurity Team focused on general application security, DevSecOps principles, and code quality. The Cybersecurity Team works with application development teams to ensure technology security and vulnerabilities are addressed and remediated throughout the system development life cycle (SDLC). As a senior member of the team, your focus will be building and maintaining relationships with different business units, influencing and injecting secure ideas into the roadmap, promoting best security practices, solving world-class security challenges, and pushing your engineering knowledge and expertise while continuously penetration testing our compute ecosystem.
- Conduct application security assessments and penetration tests (web, mobile, web service, etc.). These assessments involve manual testing and analysis as well as the use of automated application vulnerability scanning/testing tools and/or code review tools
- Perform threat models and risk assessments to characterize the risk and severity posture of large-scale commercial or in-house enterprise applications
- Experience programming and scripting and ability to develop or adapt custom tooling to solve new needs
- Experience performing baseline static/dynamic application security assessments (SAST/DAST) on new applications and changes to applications
- Experience writing security assessments and application threat profile reports
- Working knowledge of industry and commonly adopted security standards and practices (e.g. applicable NIST standards, CIS, ISO, OWASP, SANS, BSIMM, and CERT)
- Effectively applies knowledge and skills of software development and testing to solve a range of problems.
- Partners with other Technology Team members to provide advice or solutions within his or her area of expertise.
- Keeps informed about current developments within his or her area of expertise.
- Track and research the latest developments in vulnerability research
- Strong understanding of vulnerabilities, common attack vectors and how to resolve them
- Attacker mindset: ability to think about creative threats and attack vectors
- Proactively identifies problems, performs root cause analysis, investigates information, performs impact analysis; formulates and executes plans to develop solutions.
- Identifies strengths and weaknesses of alternative solutions, conclusions, or approaches to problems.
- Understands and can estimate effort and value for solutions
- Understands at a broad level how technology platforms/architectures are applied to automated business solutions.
Systems Development Engineering:
- Facilitate or complete analysis, design, and programming of viable solutions to high complexity business problems according to user specifications.
- Develop or approve detail program specifications.
- Partner with Enterprise Architecture to evaluate and recommend emerging technologies, and influence technical designs.
Testing / Deliverable Quality:
- Participate in system and acceptance testing.
- Ensure that systems are functionally appropriate, technically sound, and well integrated.
- Test and implement systems and enhancements using techniques that preserve system integrity.
- Responsible for immediate response to production program issues.
- Sets up or follows established procedures and standards to ensure high quality and quantity of work.
- Understands dependency identification processes in technology work; verifies information and carefully reviews and checks the accuracy of own work.
- Establishes or follows prioritization processes to drive work and has a sense of urgency about getting work completed.
- Looks for and seizes opportunities to do more or to do things better.
- Analyze and resolve multiple complex problems without direction.
- Research and recommend alternative actions for problem resolution.
- Employ productivity aids in all aspects of assignments.
- Highly organized and self-directed.
- Maintain partnerships with application development teams, participate in corrective action plans for identified issues
- Articulate risk and business impact to stakeholders
- Provide on-the-job training and mentoring to other members of the team
- Appropriately shares ideas and information with others.
- Practices attentive and active listening.
- Ensures that regular and consistent communications take place.
- Expresses ideas clearly and concisely in writing.
- Expresses oneself clearly in conversation and interaction with others.
Must be able to meet any physical ability requirements listed on this description.
May perform other job duties as directed by Employee’s Leaders.