Senior Application Security Engineer

Senior Application Security Engineer

The Senior Application Security Engineer is responsible for ensuring the security of the organization's business applications including business logic testing, code scanning and web application firewall. The individual will work closely with application development and production support teams to coordinate risk assessment, vulnerability analysis and remediation for business. This individual will also need to educate and assist application teams to adopt secure development best practices. The Senior Application Security Engineer will help define and drive the implementation of these capabilities and work to integrate application security processes within the SDLC and CI/CD processes.

Responsibilities:

• Application of secure code practices.
• Ensuring compliance with secure coding practices.
• Ensuring products and services are scanned for defects and security issues.
• Ensuring those defects and security issues are resolved.
• Coordination with DevOps, Software Engineering and Development teams on remediating defects that are related to security issues.
• Onboarding of applications into the web application firewall along with configuration and troubleshooting.
• Training Developers on secure code practices.
• Ensuring the SDLC includes secure coding methodology.
• Ensures that the user community understands and adheres to necessary procedures to maintain security.
• Performs root cause analysis of complex application security issues and provides recommendations to stakeholders on the best course of action to remedy the problem.
• Performs ongoing application security reviews to ensure compliance with internal security standards and regulatory requirements.
• Assist in responses to external audits, penetration tests and vulnerability assessments.
• Participate in on-call system administration support including but not limited to weekends, holidays and after-business hours as required to service the needs of the business.
• Interview, develop, coach, lead and retain top-tier talent, with a focus on building and improving a team and culture that is able to assist in employing best in class practices to support and drive high levels of internal and external customer satisfaction.
• Complete all responsibilities as outlined in the annual performance review and/or goal setting.
• Complete all special projects and other duties as assigned.
• Must be able to perform duties with or without reasonable accommodation.

Qualifications:

• BS degree in Cyber Security/Computer Science/MIS, equivalent and a minimum of 8 years relevant industry experience.
• Experience with agile development methodologies (Scrum, Kanban, sprint iterative).
• Demonstrated passion for information security and application security.
• 8 years in application security with hands-on exposure to industry standard platforms like Veracode, Rapid7, WAF, Burp Suite and/or Fortify.
• Vulnerability management and remediation experience.
• Experience securing API's.
• Active involvement with practices emerging from OWASP, NIST and SANS.
• Experience validating penetration test findings and recommending remediations.
• Demonstrated project management skills and ability to track and report progress against established milestones, metrics and...