Vacancy expired!
- Ledgent Technology is looking for an Application Security Engineer to provide application security testing services to ensure consistent secure software development practices for our local client.
- Their focus is on building a DevSecOps culture working closely with their product and software development teams.
- In this role, you will serve as an expert by defining, supporting, and managing solutions that partner with cloud operations and application development teams to deliver business value for our client.
- Support continuous delivery of application vulnerability scanning, remediation, and reporting across various platforms and architectures
- Manage application vulnerability scanning tools (DAST, SAST, and SCA) such as Veracode, SonarQube, and OWASP Dependency Checker
- Onboard applications into SAST, DAST, and SCA scanning solutions
- Tune false positives and validate findings with our application development teams
- Partner with the application development function to support streamlined, automated, and effective CI/CD pipeline security testing
- Drive a culture of DevSecOps, creating reporting and self-service capabilities to drive more ownership and accountability for security across functional teams
- Bachelor's Degree in Computer Science, related field, or an equivalent combination of education, training, and experience. Required.
- Working knowledge and experience with multiple security domains (e.g., application security, vulnerability reduction, data protection, encryption, logging and monitoring, network security)
- Subject Matter Expert (SME) experience with Secure Software Development Life Cycle (SSDLC) (e.g. risk assessments, threat modeling, static code analysis, code reviews and dynamic application scanning)
- Experience working with modern development practices (e.g. microservices, containers, orchestration, continuous integration & delivery pipelines)
- Experience working in regulated industries leveraging information security management frameworks and industry recognized best practice / standards (e.g. FFIEC CAT, NIST, ISO, and PCI)
- Knowledge of security monitoring, diagnostic and administrative tools.
- Certifications a plus, i.e., CISSP, CCSP, CRISC, CISA