Hiring Now : : SR. APPLICATION SECURITY ENGINEER : : Remote at Remote, Remote, USA
Email: [email protected]
From:

Surya kanta pradhan,

Vyze inc.

[email protected]

Reply to: [email protected]

Title:

SR. APPLICATION SECURITY ENGINEER

Location:

Remote

Duration:

6-12 Months

Visa: USC/GC

Moi: video

Bottom Line / In a Nutshell:

5+ years' experience in Application Security

Experience with at least 3 of the following:

SAST, SCA, DAST, IAST, Fuzz Testing, ASPM, Threat Modeling or similar

Must be able to read code; don't have to have experience writing code but must understand it

Software development background is a plus; ideal: C#, GoLang, .NET, NodeJS

Job Description:

Essential Duties & Responsibilities:

Act as a primary technical resource in development of a comprehensive security program to support various Software Development Lifecycles (SDLCs) and ensure that software developed in this SDLC is free of security vulnerabilities.

Manage application security program across multiple SDLCs.

Ensure cybersecurity requirements are met prior to production release.

Triage potential vulnerabilities identified by application security program with context of application and related business knowledge.

Maintain understanding of core functionality of supported software and first-party applications.

Review and understand code from both business logic and technical standpoint.

Coordinate with developers to prioritize and remediate identified true positive vulnerabilities.

Collaborate with software development and quality assurance teams to ensure code is free from security defects.

Communicate cybersecurity standards applicable to technology and coding workflows.

Working with Application Security Engineers, optimize security with existing technologies and processes.

Provide technical guidance to developers and engineers on cybersecurity best practices.

Review performance of controls such as threat modeling, SCA, SAST, DAST, IAST, RASP, Secrets Scanning, Container Scanning, Misconfiguration Identification, Secure Code Review, CI/CD Pipeline Security, and Deployment Environment Security.

Coordinate with software development leadership, operations leadership, IT leadership, and cybersecurity leadership to integrate application security practices across departments.

Actively seek ways to improve secure software development processes.

Additional Responsibilities:

Develop and maintain security policies, standards, and guidelines.

Conduct code analysis of first-party enterprise applications through both manual and automation-enabled processes.

Provide remediation guidance and recommendations to developers and administrators based on identified vulnerabilities and existing technology stack.

Work with software development teams to prioritize and validate the urgency of mitigation of identified product vulnerabilities and security feature enhancement requests.

Stay updated with the latest cybersecurity threats and trends and incorporate this knowledge into security architecture designs and practices.

Conduct training and awareness programs to enhance the security posture of the organization.

Participate in security audits and assist in regulatory compliance efforts.

Work closely with IT operations and software development teams to ensure secure systems deployment and operations.

Actively contribute to the organization's cybersecurity strategy and roadmap.

Minimum Qualifications:

21 years of age.

Proof of authorization to work in the United States.

Outstanding collaboration and communication skills.

Any of the following combinations of education, professional experience, or both:

At least 2 years of experience in a relevant DevSecOps role and technical degree in computer / information science; or

At least 4 years of experience in a relevant DevSecOps role; or

At least 6 years of related field work experience, at least 1 year of which in a software development role, and at least 1 year of which in a cyber security role, and technical degree in computer / information science; or

At least 8 years of relevant field experience, at least 1 year of which in a software development role, and at least 1 year of which in a cyber security role.

Demonstrated experience working with technical and non-technical staff.

Knowledge of application security, software development, and cyber security concepts.

Basic knowledge of a broad range of IT, Security, Controls and Service Delivery standards and frameworks, for example International Standards Organization (ISO) 27001, IT Infrastructure Library (ITIL), Control Objectives for IT (CoBIT), and Capability Maturity Model Integration (CMMI).

Experience with Amazon Web Services (AWS), Google Cloud Platform (GCP), Microsoft Azure or other cloud platforms, with experience in developing and implementing software.

Experience developing software in various coding languages such as Java, C#, PHP, etc.

Demonstrated knowledge of web applications, cyber security, and open-source technologies.

Safety is an essential function of this job.

Consistent and regular attendance is an essential function of this job.

Perform other related duties as assigned.

Ability to execute multiple projects and tasks under tight deadlines.

Provide off-hours support on an infrequent but as-needed basis. (Potential shifts may run 24/7 due to the needs of the business.)

Strong interpersonal skills with the ability to communicate effectively with guests and other Team Members of different backgrounds and levels of experience.

Must be able to work varied shifts, including nights, weekends, and holidays.

Additional Experience Recommended:

Professional certification in multiple programming languages (C#, .NET, Java, etc.) recommended.

Professional certifications in cyber security (CISSP, OSCP, etc.) recommended.

Experience with CI/CD and pipeline tools such as Jenkins, Docker, Kubernetes, and others.

Knowledge of cloud platforms and services, with experience in cloud security.

Experience with automated software and security testing tools and techniques.

Ability to stay updated with the latest industry trends and advancements in cybersecurity.

Understanding of enterprise software development practices.

Experience working with software development teams.

Experience identifying cybersecurity vulnerabilities and weaknesses in software.

Experience reading, writing, and auditing software in multiple programming languages.

Strong familiarity with common vulnerabilities and attack vectors.

Knowledge of common encryption technologies (AES, PGP, SSH, SSL, etc.).

Knowledge of common authentication protocols (OpenID Connect, OAuth, SAML, RADIUS, LDAP, Kerberos, etc.).

Previous work experience as an Application/Product Security Engineer or Software Developer.

Experience integrating security testing into an SDLC.

Experience with incident response and handling methodologies.

Experience with security technologies such as intrusion detection/prevention systems (IDS/IPS), firewalls, SIEM, etc.

Wed Oct 23 01:18:00 UTC 2024
