Application Security Engineer

Bengaluru, India

Clinisys

Global provider of intelligent diagnostic informatics solutions and expertise designed to redefine labs across healthcare, life sciences, public health

In this role, as an Application Security Engineer, you will work as part of our security engineering team and collaborate with other IT professionals to ensure that data is protected. You will be responsible for suggesting and implementing best security practices within the software development lifecycle (SDLC).

You will be responsible for setting up security controls and design requirements during the software creation and development stage of the software lifecycle.

You will also participate in related business and security projects.

You will work closely with leadership and staff to extract data to support recommendations for new security-related procedures and/or revisions.

This role will guide the organization on standard security methodologies.

This position will also play a meaningful role in leading and responding to client security surveys and internal 3rd party audits.

What you will be doing:

· Developing and maintaining software application security policies and procedures

· Developing and maintaining documentation of application security controls

· Implementing software application security controls

· Designing technical solutions to address security weaknesses

· Analyzing system services, spotting issues in code, networks and applications

· Following security best practices in performing tasks

· Providing technical leadership, guidance, and direction to the application security team

· Participate in and support application security reviews and threat modeling, including code review and dynamic testing.

· Support and consult with product and development teams in the area of application security.

· Assist in development of automated security testing to validate that secure coding best practices are being used

· Assist in creation of security training

· Provide leadership for application vulnerability scanning and penetration testing remediation

· Manage integration with vulnerability check tools such as Static Code Analysis and Dynamic Code Analysis tools

· Prepare security reports for benchmarking security efficiency.

· Act as a technical point of contact during escalated security events.

· Responsible for managing cybersecurity incident response.

· Participate in the change management board, ensuring security is a consideration in all changes.

· Provide support to the Information Security Manager on all application security activities

· Determine security violations and inefficiencies by conducting periodic audits.

· Provide evidence to the auditee for the Information Systems audits when needed.

Essential Functions

· Work closely with cross-functional teams (Engineering, DevOps, Product) while carrying out daily tasks

· Security code reviews: Identify security vulnerabilities in source code before an application is deployed to production

· Exploit security flaws and vulnerabilities with attack simulations on networks as well as multiple application platforms such as Web, iOS, Android and cloud platforms.

· Support the bug bounty program.

· Perform application security vulnerability management using tools like Acunetix, Veracode, etc.

· Manage integration with vulnerability check tools such as Static Code Analysis and Dynamic Code Analysis tools

· Understanding of patch management: working with the patch management team to analyze the risk of breaking the environment when installing a patch, and ensuring patches are deployed in a timely manner while understanding business impact.

· Investigate security breaches and other cybersecurity incidents.

· Stay up to date on information technology trends and security standards.

Skills needed to be successful

· Excellent analytical skills, with an ability to translate business needs into practical security posture.

· Familiarity with common security libraries, security controls, and common security flaws

· Strong analytical and problem-solving skills

· Automation enablement to reduce testing workloads

· Rapid decision-making to prevent delayed releases due to security issues

· Basic development or scripting experience and skills

· A good understanding of network and web-related protocols (such as TCP/IP, UDP, HTTP and HTTPS).

· Experience working with development teams.

· Knowledgeable with Anti-Virus, HIPS, ID/PS, Full Packet Capture, RSA Security

· Familiarity with ISO 27001, SOC 2, NIST 800-53 or other security frameworks

· Ability to prioritize more than one task at a time

· Assist in root cause analysis for incident management

· Must have excellent written and spoken communication skills with the ability to explain technical information to non-technical people.

· Willing to work non-standard hours and be on-call.

Required Experience & Education

· Bachelor’s degree in Information Technology, Computer Science

· 2 years of experience in the information security industry

· Experience with vulnerability scanning tools and solutions.

· Experience with OWASP, static/dynamic analysis, and common security tools

· Experience with Microsoft Windows, Linux, and macOS.

Supervisory Responsibilities: NA

Tags: Android Application security Audits Automation Cloud Code analysis Computer Science DevOps Exploit Incident response iOS ISO 27001 Linux MacOS NIST NIST 800-53 OWASP Pentesting RSA Scripting SDLC SOC SOC 2 TCP/IP Veracode Vulnerabilities Vulnerability management Windows

Perks/benefits: Team events

Region: Asia/Pacific
Country: India
