Application Security Engineer
About the job
Responsibilities:
- Assist software development teams with understanding and remediating results from automated source code scans and penetration testing
- Assist the Business Unit Security Officers in the risk assessment process by assessing application risks and providing security recommendations for improved application design or coding
- Work with the developers throughout the software engineering lifecycle to ensure compliance with secure software development best practices
- Drive adoption of GWAM segment code scanning capabilities and of the DevSecOps pipeline
- Develop and deliver cybersecurity analytics that allow for data-driven decisions
- Deliver regular reporting on initiatives, program progress and key areas of risk
- Develop or acquire targeted training for development teams in secure coding and other security practices
- Identify, propose and acquire toolsets to assist with the security assessment process in an Agile and DevOps environment
Qualifications:
- Minimum of 3-5 years of software development experience and 3+ years of work experience in application security
- Development and/or security-related experience with web applications, web services, and mobile applications including:
  - at least 1 of the following core languages: Java, C, C++, .NET, or C#
  - and 2 of the following languages: HTML, JavaScript, PHP, Perl, SQL, Ruby, or COBOL
- Experience working on or closely with development teams in the Software Development Life Cycle (SDLC) using DevOps, Agile and/or waterfall methodologies
- Ability to understand and interpret vulnerabilities and communicate business impact and remediation actions to management
- Ability to rapidly learn new technologies and business functions
- Excellent analytical, presentation, and communication (oral and written) skills to work with technical and non-technical audiences
- Results-oriented, high energy, self-motivated
- Excellent leadership, teamwork, and client service skills
- Security-related certifications, such as CISSP, CSSLP, or SANS GIAC, are a plus