Vacancy expired!
The role of the Application Security Senior Engineer is to work closely with information technology and development staff to help implement secure systems, tools, and processes. As an engineer, you will be responsible for performing determining the technology that is implemented within the application security team, being an expert and mentor on all technologies used by the security staff, researching new security trends and improvements, getting new staff members up to speed on internal projects and new development, and providing direction and management of assigned projects. Additionally, engineers will look for opportunities to collaborate and educate other departments that are impacted by application security projects and processes.
RESPONSIBILITIES- Understand how to identify, exploit, and remediate the OWASP Top 10, SANS 25 software flaws, and other vulnerabilities through use of tools and code review and propose solutions for advanced development situations
- Use expertise in penetration testing, tools, and security methodology to develop new talent within the application security team
- Determine best tools or development to accomplish SAST and DAST needs
- Enhance department processes through scripting and development
- Train new department staff and developers in application security concepts and maintain training environment and infrastructure
- Develop and manage all application security projects as necessary, in areas such as: development, penetration testing, and/or system procurement
- Identify gaps in application architecture, internal processes, and training to help guide the improvement of the department
- Prioritize projects that will have the biggest impact on the application security program
- Maintain a professional working relationship with other departments through clear communication and project level collaborations
- Ability to work flexible hours, including weekends and evenings if needed
- Availability to respond to emergency situations as required
- Perform additional duties and assignments as requested
- Bachelor's degree in Technology Required, Computer Science Degree Preferred
- 10+ years of secure development, penetration testing, and/or architecture experience
- Expert knowledge of application vulnerabilities, exploits, and remediation techniques
- Experience with current web application technology and concepts including containerization, development operations, and mobile technologies
- Familiar with dynamic and static testing tools and techniques
- Familiar with secure coding principles and application architecture
- Comfortable with public speaking and training others on security principles
- Ability to work as part of a larger team to find solutions
- Excellent communication skills
- CSSLP, CISSP, GWAPT, OSCP, or similar certifications
Vacancy expired!