Vacancy expired!
Software Guidance & Assistance, Inc. (SGA) is searching for an Application Security Engineer for a FULL TIME assignment with one of our premier Investment Banking clients in New York, NY.

Responsibilities:
- Work closely with others in IT to develop a secure SDLC with gating functions for application source code and IaC.
- Define metrics and reporting on application security policies and processes and track adherence.
- Proactively research and identify application security vulnerabilities and provide recommended countermeasures.
- Work with application development teams to design applications that are inherently secure.
- Automate AppSecOps security testing processes, including SAST, DAST and IAST as appropriate.
- Perform code deep dives to uncover security vulnerabilities or design flaws.
- Provide subject matter expertise in application code and IaC security best practices.
- Support and consult with development teams in application security, including threat modeling and code reviews.
- Advocate and champion ShiftLeft security initiatives and processes.
- Contribute to raising the security awareness of team members through instruction and hands-on training.
- Have general awareness of industry data privacy standards across cloud providers and vendor product liabilities.
- Work as an active participant in an Agile development environment; attend daily standups, sprint planning and retrospectives.
- Bachelor's degree in Computer Science or related field (or equivalent experience)
- 4 or more years of IT DevSecOps/AppSecOps experience.
- Proficiency in one or more programming languages (Python, Java, C etc.)
- Understanding of CWE Top 25 and OWASP Top 10, with experience in implementing remediation strategies.
- Experience in application security and threat modeling.
- Familiar with application security control frameworks and their current usage in applications (e.g., Authentication, Cryptography and Data Protection, Authorization, Web Access Firewall etc.).
- Excellent understanding of application security testing automation including SAST, DAST and IAST.
- Knowledge of web application technologies and layer 7 protocols like HTTP, FTP, DHCP etc.
- Knowledge of exploit development and vulnerability research and reporting.
- Knowledge of mobile app code security testing.
- Experience in AWS technologies is a strong plus.
- Exposure to Python, NGINX, Gunicorn and ReactJS is a plus.
- Experience working with code management tools such as GitHub.
- Must have the ability to work in a dynamic, fast-paced environment.
- Strong communication skills with ability to interact with stakeholders at various levels.
- Strong problem-solving and analytical skills