Application Security Engineer

**Job Summary**:
**Job Type**

**Seniority**

Senior

**Years of Experience**
Information not provided

**Tech Stacks**
OpenID Strategy Container OAuth AWS Docker Jenkins SAML LDAP Google Cloud CI Microsoft Azure Java Kubernetes C#.NET PHP

**Position Overview**:
**Essential Duties & Responsibilities**:

- Act as a primary technical resource in development of a comprehensive security program to support various Software Development Lifecycles (SDLCs) and ensure that software developed in this SDLC is free of security vulnerabilities.
- Ensure cybersecurity requirements are met prior to production release.
- Review and understand code from both business logic and technical standpoint.
- Coordinate with developers to prioritize and remediate identified true positive vulnerabilities.
- Collaborate with software development and quality assurance teams to ensure code is free from security defects.
- Communicate cybersecurity standards applicable to technology and coding workflows.
- Working with Application Security Engineers, optimize security with existing technologies and processes.
- Provide technical guidance to developers and engineers on cybersecurity best practices.
- Review performance of controls such as threat modeling, SCA, SAST, DAST, IAST, RASP, Secrets Scanning, Container Scanning, Misconfiguration Identification, Secure Code Review, CI/CD Pipeline Security, Deployment Environment Security.
- Actively seek ways to improve secure software development processes.

**Additional Responsibilities**:

- Develop and maintain security policies, standards, and guidelines.
- Provide remediation guidance and recommendations to developers and administrators based on identified vulnerabilities and existing technology stack.
- Work with software development teams to prioritize and validate the urgency of mitigation of identified product vulnerabilities and security feature enhancement requests.
- Stay updated with the latest cybersecurity threats and trends and incorporate this knowledge into security architecture designs and practices.
- Conduct training and awareness programs to enhance the security posture of the organization. Participate in security audits and assist in regulatory compliance efforts.
- Work closely with IT operations and software development teams to ensure secure systems deployment and operations.
- Actively contribute to the organization’s cybersecurity strategy and roadmap.

**Minimum Qualifications**:

- Outstanding collaboration and communication skills.
- Any of the following combinations of education, professional experience, or both:
At least 2 years of experience in a relevant DevSecOps role and technical degree in computer / information science; or

At least 4 years of experience in a relevant DevSecOps role; or

At least 6 years of related field work experience, at least 1 year of which in a software development role, and at least 1 of which in a cyber security role and technical degree in computer / information science; or
- At least 8 years of relevant field experience, at least 1 year of which in a software development role, and at least 1 year of which in a cyber security role.
- Demonstrated experience working with technical and non-technical staff.
- Basic knowledge of a broad range of IT, Security, Controls and Service Delivery standards and frameworks for example, International Standards Organization (ISO) 27001, IT Infrastructure Library (ITIL), Control Objectives for IT (CoBIT), and Capability Maturity Model Integration (CMMI).
- Experience with Amazon Web Services (AWS), Google Cloud Platform (GCP), Microsoft Azure or other cloud platforms, with experience in developing and implementing software.
- Experience developing software in various coding languages such as Java, C#, PHP, etc.
- Safety is an essential function of this job.
- Consistent and regular attendance is an essential function of this job.
- Ability to execute multiple projects and tasks under tight deadlines.
- Provide off-hours support on an infrequent, but as needed basis. (Potential shifts may run 24/7 due to the needs of the business).
- Strong interpersonal skills with the ability to communicate effectively with guests and other Team Members of different backgrounds and levels of experience.
- Must be able to work varied shifts, including nights, weekends, and holidays.

**Additional Experience Recommended**:

- Professional certification in multiple programming languages (C#,.NET, Java, etc.) recommended.
- Professional certifications in cyber security (CISSP, OSCP, etc.) recommended.
- Experience with CI/CD and pipeline tools such as Jenkins, Docker, Kubernetes, and others.
- Knowledge of cloud platforms and services, with experience in cloud security.
- Experience with automated software and security testing tools and techniques.
- Ability to stay updated with the latest industry trends and advancements in cybersecurity.
- Understanding of enterprise software development practices.
- Experience wo