Application Security Engineer
- US$150,000pa
- Massachusetts, United States
- Permanent
In this position, you are expected to be a passionate and talented application security engineer with a very deep understanding of OWASP, data protection and threat modelling skills. You must be dedicated and able to work with developers in a dynamic environment to produce secure code in short time frames.
• Help define consistent Secure Software Development Lifecycle practices for all technology projects throughout the planning and delivery cycles, to ensure that application security risks are mitigated
• Ensure end-to-end security of products by hands-on testing, hypothesising threats, helping development teams with remediating risks upfront and championing secure implementation efforts.
• Improve secure coding practices, application security requirements, automation, training, and metrics
• Integrate threat modelling practices into the Software Development Lifecycle
• Help build secure products and standards around emerging technologies and using existing standards and security practices
• Perform Security Architecture and Low Level Application Security Design review involving: Data Protection, Authentication and Authorisations, Web Application Security and Network Security
• Collaborate with product development and solution teams proactively to manage software security risk aligned with business goals
• Collaborate with product and solution teams to achieve Cybersecurity software security program objectives
• Manage cross-functional internal and external team collaboration, evangelisation, and communications
• Develop and optimise processes to improve software development efficiency in the consumption of security development practices
• Maintain active understanding of industry practices for secure software development and incident response
Experience
• Mid-level experience with Bachelor's degree or experience with Master's degree in Computer Science, Mathematics, Physics, or equivalent
• Hands-on experience with any of the following software development languages: Golang, Java / C# / C++, JavaScript and HTML
• Deep understanding of OWASP Top 10 and CWE 25; with proven track record and experience in implementing and integrating remediation strategies
• Excellent understanding of web applications, web servers, layer 7 application technologies, frameworks and protocols with respect to application development and deployment
• Well versed in web application design, penetration testing, application risk assessment and risk categorisation
• Well versed (experience preferred) in driving and implementing secure development practices into the SDLC (SSDLC); ability to successfully integrate security into a developer's world
• Success in implementing effective Secure SDLC frameworks across a large corporation.
• Ability to effectively present and communicate security threats and risks to any audience and impress upon them the mitigation techniques and strategies
• Familiar with waterfall and agile development processes, with experience integrating secure development practices into both models
• Familiar with code management systems (e.g. Bitbucket), CI/CD systems (e.g. Jenkins), Docker, Kubernetes, microservice architecture, OAuth 2.0 and OpenID Connect
• Deep knowledge and experience in using SAST, DAST, IAST, SCA and fuzz testing tools
• Highly effective communicator; well-honed influencing and negotiating skills
• Solid problem solving and analytical skills; able to quickly digest any issue/problem encountered and recommend an appropriate solution.
• Self-motivated; able to work independently; able to negotiate and bring consensus to diverse priorities of product development and solution teams
