What are the responsibilities and job description for the Senior Engineer - Application Security position at Request Technology, LLC?
Job Details
Senior Engineer Application Security
Salary: Open Bonus
Location: Chicago, IL / Dallas, TX
Hybrid: 3 days onsite, 2 days remote
*We are unable to provide sponsorship for this role*
Qualifications
- Bachelor s degree
- 3 Years strong proficiency in network and application penetration testing.
- Strong proficiency with common penetration testing tools (Kali, Armitage, Metasploit, Cobalt Strike, Nmap, Qualys, Nessus, Burp Suite, Wireshark etc.).
- Strong experience with database security testing (MSSQL, DB2, MySQL, etc.).
- Experience testing in commercial cloud environments (AWS, Azure, Google Cloud Platform, IaaS/PaaS/SaaS).
- 5 Years experience in Information Assurance or Information Security environment.
- Strong experience with custom scripting (python, C , PowerShell, bash, etc.) and process automation.
- Experience writing scripts and working with containers in a CI/CD pipeline
- Experience with CI/CD pipelines and software development/coding: Docker, Jenkins, GitHub, SVN, Terraform, and others.
- Ability to understand and modify code in a diverse range of programming languages and frameworks.
- Familiarity with application frameworks and their built-in security services and API s (i.e., Sun J2EE, MS .NET, OMG CORBA, Spring, etc.)
- Good understanding of regulatory standards including CSF, NIST, PCI, SSAE 16, SAS 70, HIPPA, FIPS 199, COBIT 5 and others as needed.
Responsibilities
- Application Security Testing
- Perform retests of vulnerabilities to verify previous findings have been remediated.
- Review reports of the testing and conduct security risk assessments of the vulnerabilities.
- The use and maintenance of cloud and self-managed security scanning tools, manual source code reviews, and manual penetration assessments.
- Conduct code scans using automated tools and risk rate the vulnerabilities according to the organization risk profile and mitigating controls.
- Conduct IT/Security code review meetings to eliminate false positives and encourage collaboration between Security and IT development teams.
- Assist with application security vulnerability management including implementation of new vulnerability management tools.
- Setup Command & Control C2 Infrastructure.
- Understand vulnerabilities and develop relevant payloads for use during pen testing activities.
Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.
