| Hiring now:: Sr. Application Security Engineer ::Hybrid (Hartford ,CT, or Minneapolis, MN) at Hartford, Connecticut, USA |
| Email: smallick@vyzeinc.com |
|
From: soumyaranjan mallick, vyze inc smallick@vyzeinc.com Reply to: smallick@vyzeinc.com Sr. Application Security Engineer Duration: 6MO CTH Location: Hybrid (Hartford ,CT, or Minneapolis, MN) Visa: GC/USC Only There is no network security, no firewall security, no intrusion detection, or any of that!!! This is 100% Application Security build-out from scratch. This person will help shape the team, will be assisting to hire 4 more resources for the team but initially 70% of the job will be planning, strategizing, setting standards, researching/ selecting tools & process, as the first guy in. Later as things fall into place the work will be enhancing process, testing, automating, code reviews, resolution, & nurturing the standards, education, and relationships with the many development teams in the 3 locations (CT, MD, MN). Should have tools include BURB, Pen Testing tools, Automation tools, SAST/DAST, OWASP Top 10, and a background in coding and scripting. The more variety the better (node, react, python, etc.) They need to be able to read code and close gaps in security by working with the application teams to write secure code for things like secrets management, prevent injection on form fields, etc. Loooking for around of 2/3 years engineering background + 4/5 years in the application security space- 1-2 yrs as a Lead or Sr. mentoring mid/jr would be a plus (6-10yrs total experience). What you will do: Provide guidance on application security for strategic initiatives within Business Insurance. Lead and mentor application security engineers within our value streams. Lead investigation and resolution efforts for critical, high impact problems, defects, and incidents. Lead application security reviews and threat modeling, including code review and dynamic testing. Lead in development of automated security testing to validate that secure coding best practices are being used. Guide and advise product development teams in the area of application security. Assist with recruiting activities and administrative work. Develop security training and socialize the material with internal development teams. Requirements of the Role: Experience as a software engineer, including with scripting languages Strong understanding and experience with common security libraries, security controls, and common security flaws A solid understanding of network and web related protocols (such as TCP/IP, UDP, HTTP, HTTPS, protocols) Ability to perform security testing, including penetration testing Experience with SAST/DAST/IAST tools Expertise in secrets management Experience in a technical leadership role; ability to guide and mentor others Keywords: green card Connecticut Maryland Minnesota |
| smallick@vyzeinc.com View All |
| 09:09 AM 07-Oct-23 |