Description

Job Id: 60167

Applications Security Engineer
Our client is looking for an Application Security Engineer to provide application security testing services to ensure consistent secure software development practices. Our focus is on building a DevSecOps culture working closely with our product and software development teams. In this role, you will serve as an expert by defining, supporting, and managing solutions that partner with cloud operations and application development teams to deliver business value for the company.

This is a remote position and must live in the following states: CA, OR, CO, ID, NV, AZ, WA, UT.

Applications Security Engineer Responsibilities:
Support continuous delivery of application vulnerability scanning, remediation, and reporting across various platforms and architectures.
Manage application vulnerabilities scanning tools (DAST, SAST, and SCA) such as Veracode, SonarQube, and OWASP Dependency Checker.
Onboard applications into SAST, DAST, and SCA scanning solutions.
Tune false positives and validate findings with our application development teams.
Provide education on security practices or methodologies to resolve vulnerabilities.
Develop, curate, and improve application security detections (static and dynamic) to identify vulnerabilities at scale.
Partner with the application development function to support streamlined, automated, and effective CI/CD pipeline security testing.
Drive a culture of DevSecOps, creating reporting and self-service capabilities to drive more ownership and accountability for security across functional teams.
Demonstrate compliance with all bank regulations for assigned job function and applies to designated job responsibilities – knowledge may be gained through coursework and on-the- job training. Keeps up to date on regulation changes.
Follows all Bank policies and procedures, compliance regulations, and completes all required annual or job-specific training.
Maintain a working knowledge of Bank's written policies and procedures regarding Bank Secrecy Act, Regulation CC, Regulation E, Bank Security, and other regulations as applicable to this job description.
Actively learns, demonstrates, and fosters the corporate culture in all actions and words.
Takes personal initiative and is a positive example for others to emulate.

Applications Security Engineer Qualifications:
Bachelor's Degree in Computer Science, related field, or an equivalent combination of education, training, and experience. Required.
Working knowledge and experience with multiple security domains (e.g., application security, vulnerability reduction, data protection, encryption, logging and monitoring, network security)
Subject Matter Expert (SME) experience with Secure Software Development Life Cycle (SSDLC) (e.g. risk assessments, threat modeling, static code analysis, code reviews and dynamic application scanning).
Experience working with modern development practices (e.g. micro services, containers, orchestration, continuous integration & delivery pipelines).
Experience working in regulated industries leveraging information security management frameworks and industry recognized best practice / standards (e.g. FFIEC CAT, NIST, ISO, and PCI)
Demonstrated ability to resolve sensitive issues with other departments and to present information to senior management.
Demonstrated analytical and problem-solving skills applied to both technical and business challenges.
The ability to relate business requirements and risks to technology implementation of security-related issues.
Knowledge of security monitoring, diagnostic and administrative tools.
Ability to train and present to small and large audiences or has the interest in learning to train and present.
Certifications a plus, i.e., CISSP, CCSP, CRISC, CISA.

Salary: $93,000k-$150,000k/yr. (DOE)

Benefits
Benefits are available to eligible VanderHouwen contractors and include coverage for medical, dental, vision, life insurance, short and long term disability, and matching 401k.

About VanderHouwen
VanderHouwen is an award-winning, Women-Owned, WBENC certified professional staffing firm. Founded in 1987, VanderHouwen has been successfully placing experienced professionals throughout the Pacific Northwest and nationwide. Our recruitment teams are highly specialized in either Technology and IT, Engineering, or Accounting and Finance career markets. Our recruiters value building meaningful, professional relationships with each candidate as well as developing honed knowledge of companies' staffing needs and workplaces. Partner with us to land your next exciting career.
VanderHouwen is an Equal Opportunity Employer and participates in E-Verify. VanderHouwen does not discriminate on the basis of race, color, religion, sex, national origin, age, disability, or any other characteristic protected by applicable local, state or federal civil rights laws.

#LI-Remote