Application Security Engineer

You are as unique as your background, experience and point of view. Here, you’ll be encouraged, empowered and challenged to be your best self. You'll work with dynamic colleagues - experts in their fields - who are eager to share their knowledge with you. Your leaders will inspire and help you reach your potential and soar to new heights. Every day, you'll have new and exciting opportunities to make life brighter for our Clients - who are at the heart of everything we do. Discover how you can make a difference in the lives of individuals, families and communities around the world.

Job Description:

JOB RESPONSIBILITIES

Overall Purpose: Working in a team environment to provide the testing, analysis, and coordination of application security issues, supporting the development team and user base, while hardening the overall application security profile

Key Tasks

• Designing and implementation of automated security testing tools
• Performing Application level Penetration Tests
• Coordination, management, tracking, and executive level reporting of security issues identified via testing
• Triage, Research, Analysis, and Mitigation recommendations for identified vulnerabilities
• Participation in validation of software releases and hardware upgrades
• Communicate with Application Development when upgrades introduce application security issues
• Assist in efforts to further embed application security within the SDLC, specifically leveraging automation & continuous integration
• Participate in Application Security Assessments and Reviews
• Coordination between Engineering Teams and Information Security related to Penetration Testing, Tracking and Resolving Findings

Minimum:

• Bachelor's Degree in Computer Science, Computer Information Systems, Cyber Security, or similar accreditation
• 2+ years in an Application Security and/or Penetration Testing role
• Experience with integration of DAST and SAST Automated Testing Tools in a DevSecOps model

Essential Experience

• Experience in Application Penetration Testing and Software Development
• Familiarity with Security Frameworks and Standards, such as: NIST, HiTrust, HIPPA, and PCI
• Understanding of the most common vulnerabilities, such as: OWASP Top 10 or SANS Top 25
• Configuration of Continuous Integration processes using DevOps Tooling

Desired Experience

• Configuration of Continuous Integration processes using Jenkins
• Front-Web Web Development experience, specifically using Javascript
• Configuration and Administration of Apache and Java environments
• Configuration and Administration of AWS Serverless (Lambda) environments
• Authentication Frameworks, such as: SAML, OpenID, OAuth, etc.
• Cryptography implementation
• Creation of Security Standards/Best Practices
• Securing Distributed, Cloud Based Computing Environments

*Security Certifications (CISSP, GPEN, GWAPT, GXPN, etc.) considered a plus, but not required for this role.

Technical Skills: Java, JavaScript, Security Tools, Penetration Testing, SQL, Networking, Firewalls, Reverse Proxy, Web Application Firewalls

Attributes

• Customer focus, service delivery oriented
• Strong analytical and problem solving skills
• Strong written and verbal communication skills across all levels of the organization
• Maintain a calm, rational state in situations of ambiguity and high pressure
• Understanding of computer hardware and software skills
• Ability to work with team members spread over multiple locations

Job Category:

Posting End Date: