As an Application Security Engineer, you are part of a technical team responsible for delivering new technologies and the interfaces that our engineering and solution delivery teams can integrate into their development projects to secure sensitive data. You act as a security expert to teams within the company and are involved with all aspects of information security, including policy development, procedures, architecture and strategy, and security incident response.
Applications Security Engineer Responsibilities
Provide security-related consultancy and proactively drive security engineering with Solution Delivery & Engineering teams.
Work with leadership to ensure that issues are communicated effectively.
Work with software development and engineering teams to review solution design and implementation, performing secure code reviews and large data set analysis, and helping develop APIs to secure sensitive data.
Work closely with agile development teams and their delivery deadlines to remediate application vulnerabilities detected through security scanning tools.
Be an ambassador for the team to assist with the ongoing integration of the Application Security team with other business units.
Actively manage the security activities associated with secure software development, including performing peer code reviews, to address risks and threats.
Help enhance the security posture of the organization by bringing in and enhancing tools that continuously scan application code and infrastructure deployments. Tools used include, to name a few, Qualys, WhiteHat Sentinel, Fortify, Imperva Web Application Firewall, Sonatype third-party library scans, SonarQube, OWASP Dependency-Check, OWASP ZAP, LogRhythm, Demisto, CrowdStrike, Darktrace, and Windows Defender.
Evaluate requested deviations from the organization's Information Security Policy and perform risk assessments.
Applications Security Engineer Qualifications
Minimum of 5 years of relevant IT security experience in the job offered or in the following acceptable positions: Software Engineer, Application Developer, Solutions Engineer, Business Analyst, Application Integration/Management Services, or similar.
Modern technologist and thinker. Views security as an enabler, not an inhibitor to innovation. Experience solving identity and access management needs in networks and systems.
Values team building; coaching, mentoring, and training a team.
Humble, hardworking, forward-thinking.
Clear and concise communicator.
Development using Java & Shell Scripting.
Network and web-related protocols: HTTP & HTTPS.
Minimum of one code security review tool.
Common web application vulnerabilities and their mitigation strategies from the OWASP Top 10 List, including XSS, CSRF, and clickjacking.
System security vulnerabilities and remediation techniques.
Threat modeling and security methodologies.
Possess related industry certifications such as CISSP, CSSLP, GWEB or equivalent.
VanderHouwen is an award-winning, Women-Owned, WBENC certified professional staffing firm. Founded in 1987, VanderHouwen has been successfully placing experienced professionals throughout the Pacific Northwest and nationwide. Our recruitment teams are highly specialized in either Technology and IT, Engineering, or Accounting and Finance career markets. Our recruiters value building meaningful, professional relationships with each candidate as well as developing honed knowledge of companies' staffing needs and workplaces. Partner with us to land your next exciting career.
VanderHouwen is an Equal Opportunity Employer and participates in E-Verify. VanderHouwen does not discriminate on the basis of race, color, religion, sex, national origin, age, disability, or any other characteristic protected by applicable local, state or federal civil rights laws.