Applications Security Engineer

TEKsystems
Tempe, AZ Full Time
POSTED ON 1/23/2025
AVAILABLE BEFORE 4/15/2025

Job Description

Top Skills' Details

1. 5 years' experience in application security scanning and testing

2. Previous full stack Java experience as well as CI/CD and DevOps

3. Hands-on experience with Qualys

Job Description

The IT Security Threat Analyst independently develops, maintains, and implements comprehensive information security monitoring programs, including defining security policies, processes and standards for large and complex environments. The analyst performs comprehensive threat analysis and recommends appropriate courses of action, mitigation, and remediation; provides consultative guidance on the development of information security strategies and programs through demonstrated expertise and knowledge of industry trends and changes with respect to advanced and sophisticated cyberattacks and threats; and leads efforts, oversees work results, provides formal training and serves as a technical resource for Information Security team members. The analyst is the single point of contact and coordination for third-party incident response teams and law enforcement agencies if the environment is breached.

Essential Functions - The essential functions listed represent the major duties of this role; additional duties may be assigned.

  • Subject matter expert in the detection and identification of web application cyberattack signatures, tactics, techniques and procedures associated with advanced threats
  • Independently and proactively prepares detailed technical papers, presentations, recommendations, and findings for Management and other Technology Leaders
  • Develops and maintains documentation for security evaluation procedures
  • Serves as a subject matter expert for team members, specializing in web application security monitoring and application analysis
  • Creates and leads initiatives to improve web application security evaluation processes
  • Leads improvement discussions with third-party vendors regarding security evaluations
  • Proactively identifies company-wide program opportunities and works to implement solutions. Guides the direction of the overall information security monitoring and application security program

Required Work Experience :

5 years related work experience within IT Security

Experience utilizing multiple web application scanning tools.

Experience recommending web application security analysis tools.

Experience working in Agile methodology environment.

Experience working with REST services (prefer also SOAP experience).

Experience with scripting (prefer also some application code development experience).

Required Education :

Related Bachelor’s degree, or additional equivalent work experience in an IT-related field

Additional Required Qualifications :

Strong technical knowledge of security architecture, tools and controls with specific demonstrated experience in web application security evaluation.

Experience working and managing vendor performance and service level agreements

Proven leadership abilities including effective knowledge sharing, conflict resolution, facilitation of open discussions, fairness and displaying appropriate levels of assertiveness.

Proven ability to work under stress in emergencies with flexibility to handle multiple high-pressure situations simultaneously.

Ability to communicate highly complex technical information clearly and articulately for all levels and audiences.

Ability to manage tasks independently and take ownership of responsibilities

Ability to learn from mistakes and apply constructive feedback to improve performance

Strong customer focus with ability to manage customer expectations and experience and build long-term relationships.

Strong team-oriented interpersonal skills with the ability to interface with a broad range of people and roles including vendors and IT-business personnel.

Ability to adapt to a rapidly changing environment and quickly identify new trends and industry changes specific to security and advanced cyberattacks

Top Skills' Details

1. Background as a full stack Java developer with scripting experience like Bash or Python

2. Experience with security testing (SAST, DAST, RASP etc.)

3. Understanding of OWASP Top 10, software security, secure coding, vulnerability management.

4. Knowledge of cloud infrastructure and DevOps methodologies: containers (Docker), Kubernetes, micro-services

Secondary Skills - Nice to Haves

Job Description

The Application Vulnerability Management team is responsible for discovering technical vulnerabilities within in-house developed applications. This includes the actual code developed by analysts and dependencies such as open source libraries and container technology. The team analyzes in-house developed applications for known vulnerabilities (e.g., CVE-based vulnerabilities, CWE-based vulnerabilities and OWASP Top 10 vulnerabilities), prioritizes them, and works with the appropriate asset owner to determine whether remediation, mitigation or risk acceptance is required and complies with appropriate timelines. Vulnerability tracking and metrics reporting are also part of the team's output.

Responsibilities

  • Discover technical vulnerabilities in Production in code, dependencies and container technology.
  • Support the development lifecycle of in-house developed applications to allow development teams to identify vulnerabilities during the build lifecycle
  • Develop and use scoring models to score vulnerabilities.
  • Provide regular statuses on current work
  • Be willing to take on special assignments that may require additional learning
  • Skills and Knowledge
      - Web application attacks and trends
      - Basic operational knowledge of: HTTP/S, XML, HTML, JavaScript, AJAX (Web 2.0)
      - Web Infrastructure Security (e.g., NGINX, Tomcat, IIS, etc.)
      - Authentication and Session management
      - Exploits (e.g., CSRF, XSS, HTTP Response Splitting, Injection attacks, XML External Entities, etc.)
      - Remediation (e.g., Escaping, Encoding, Input/Output Validation, Parameterized Queries, etc.)
      - Mitigation (e.g., WAF, IPS, XML Gateway/Firewall, etc.)
      - Scripting/automation skills (e.g., Python, JavaScript, PowerShell, etc.)

Additional Skills & Qualifications

  • Excellent documentation skills to accurately complete reports and documentation
  • Strong verbal and written communication skills
  • Team player, self starter, able to get up to speed to contribute quickly