What are the responsibilities and job description for the Junior Application Security Engineer position at York Solutions, LLC?
Job Details
Overview: We are looking for a motivated and detail-oriented Junior Application Security Engineer to join our global application security team. In this entry-level role, you will primarily focus on onboarding security tooling, maintaining documentation, and supporting developers in integrating security into the development process. In addition, you will support operations from a vulnerability management perspective. This is an excellent opportunity to grow your career in the application security field while working in a collaborative and supportive environment.
Responsibilities:
1. Onboarding Security Tooling:
Assist in the deployment and configuration of application security tools, including SAST, DAST, SCA, and other related technologies.
Collaborate with development teams to integrate security tools into CI/CD pipelines.
Ensure new teams and projects are successfully onboarded to security tools and processes.
2. Documentation and Knowledge Sharing:
Create and maintain documentation, including onboarding guides, troubleshooting steps, and FAQs for security tooling.
Develop training materials and how-to guides to empower developers to use security tools effectively.
3. Developer Support:
Serve as the first point of contact for developer questions related to security tooling and practices.
Provide guidance on using security tools and interpreting findings.
Support developers in onboarding, addressing and remediating vulnerabilities identified by security tools.
4. Continuous Improvement:
Identify common issues and recommend process or tool improvements to enhance efficiency.
Stay current on application security tools and practices to bring fresh ideas to the team.
5. Integration and Onboarding Support (this is a huge part of the work!):
Maintain a list of onboarded development organizations and update it as new orgs are onboarded (we received the list from the CCP team)
Help orgs with how to integrate (simple instructions; the information needs to be shared)
Support developers with IDE plugins for Checkmarx (share Checkmarx docs on IDE plugin integration with developers and show how to use the plugins effectively)
6. Developer Onboarding and Support:
Create and maintain developer onboarding documentation
Share documents with onboarding and integration information with new developers
Provide first-level support for developers using Checkmarx (facilitate support with the Checkmarx support team)
Create and update coding standards documentation with security best practices (as provided by Checkmarx)
7. Checkmarx Administration:
Set up and manage user accounts and access permissions in Checkmarx (when needed)
Create and maintain project configurations
Configure scan presets per the provided instructions
Generate and distribute security reports to development teams
8. Vulnerability Management:
Track remediation progress and follow up with development teams
Maintain vulnerability metrics, prepare status reports, and share them with lead developers
9. Process Improvement:
Document common security issues and create preferred remediation approaches (based on documentation already provided by Checkmarx; basically cargillize them)
Help maintain and update security requirements in development workflows
Collect feedback from developers when contacted through the Teams channel
10. Documentation and Knowledge Management:
Maintain internal knowledge base of security issues and solutions
Document common Checkmarx findings and remediation strategies (as provided by Checkmarx)
Create and update security checklists for different application types
Required Qualifications:
Entry-level; someone who is trainable, with 1 to 2 years of experience in IT, development, DevOps, or a related technical role (internship or academic experience will also be considered).
Some foundational IT skills are needed, along with a passion for security. This role will be more operational in nature, such as setting up users and coordinating activities.
Benefits:
York Solutions offers a generous benefits package for eligible full-time employees:
- BCBS Medical with 3 Plans to choose from (PPO and High deductible PPO plans with Health Savings Program)
- Delta Dental plan with 2 free cleanings and insurance discounts
- EyeMed Vision with annual check-ups and discounts on lenses
- Life and Accidental Death Insurance paid by company
- John Hancock 401(k) Retirement Plan with discretionary company match up to 5%
- Voluntary Insurance programs such as: Hospital Indemnity, Identity Protection, Legal Insurance, Long Term Care, and Pet Insurance.
- Flexible work environment with some remote working opportunities
- Strong fun and teamwork environment
- Learning, development, and career growth