The Application Security Engineer is a results-oriented cybersecurity champion who can communicate application security risks to development, vulnerabilities to system administrators and threats to our business teams. This role will focus on daily security operations of several development teams. The ideal candidate can identify weaknesses in source code and clearly communicate those to developers. They should know the OWASP Top 10 and be able to speak to common software vulnerabilities in a deep and meaningful manner.

Key Responsibilities:
- Function as the primary point of contact for application security architecture, owning security design for all application development and SDLC activity
- Analyze source code, applications, application configurations and business logic for threats, risks and vulnerabilities
- Build and maintain the security functions of the SDLC, including IDE assistants, static code analysis tools, third-party library management tools, dynamic and interactive analysis tools
- Perform/redesign routine application security assessments and penetration tests
- Provide application security architecture expertise to developers, architects and testers for building resilient products
- Prepare and present application risk information for our security team
- Develop high-level application security policies and procedures
- Lead our technology infrastructure teams in developing application hardening standards
- Ensure application security control implementations are complete and accurate, and regularly test control effectiveness
- Educate developers on application security best practices
- Develop and maintain rule sets for web application firewalls (WAF)
- Manage the development of hardened application containers

Job Requirements:
- Subject matter expertise in software development and/or security engineering is required
- 5 years of application security design/architect experience
- Expertise with core IT security and architectural components: firewalls, switches, routers, VPN, authentication, encryption, IPS, traffic management, storage, databases, virtualization, automation, configuration management
- Previous skills in one or more programming languages (Java, C#, Ruby, Python, etc.)
- Strong knowledge of modern languages and frameworks preferred (Angular, Spring/boot, Aurelia, React, etc.)
- Well versed with containerization architectures (Docker, Kubernetes, etc.) preferred
- Must possess demonstrable knowledge of modern cryptography
- Strong background utilizing cybersecurity frameworks and application security models such as CIS, ISO 27001/2, SAMM, COBIT, OWASP OpenSAMM
- CISSP, CEH, Security, or other security-related certifications are desirable