Application Security Engineer

Job Overview

Our client in the Bedminster area of NJ has an excellent opportunity for an Application Security Engineer!


Responsibilities:

  • Establish and enhance the Application Security program, implementing projects that reduce risk and satisfy business security requirements.
  • Lead the integration of application security standards, procedures, and testing tools into the Software Development Life Cycle (SDLC).
  • Conduct threat modeling exercises and provide security requirements and design reviews for the implementation of new applications and for enhancements to existing applications.
  • Manage the day-to-day activities of DAST, SAST and SCA testing, frequently communicating with development teams to explain discovered vulnerabilities, recommend treatment plans, and communicate information about residual risk.
  • Maintain and enhance the technologies that protect public-facing web applications and APIs.
  • Provide security guidance on a constant stream of new development and system implementations, and administer the company’s application security controls, testing systems, and procedures.
  • Support the Vulnerability Management Program by conducting recurring scans of all systems and applications, providing guidance to IT teams for the remediation of identified vulnerabilities.
  • Monitor and report on emerging risk and compliance with organizational security policies.
  • Enhance key performance indicators, metrics, and ongoing monitoring.
  • Oversee penetration testing and security assessments, support internal and external audits, prioritize findings based on risk, and recommend appropriate mitigations.
  • Implement training plans to ensure the developer teams are equipped with the necessary skills to protect applications and their underlying infrastructure.
  • Support Incident Response investigations.
  • Participate in business continuity and disaster recovery planning, as well as change management forums.
  • Stay current on topics in Information Security by researching emerging trends, technologies, threats, and vulnerabilities.


Requirements:

  • Excellent understanding of information security concepts, industry best practices, strategies, and procedures.
  • Strong business process knowledge and application of technology solutions.
  • Ability to effectively convey complex security concepts to multiple audiences, including business and technical leaders, and contributors.
  • Experience defining, implementing, and improving application security standards, controls, and procedures.
  • Strong knowledge of application security risks, vulnerabilities, attack vectors, and mitigation strategies.
  • Experience using DAST, SAST, and SCA testing tools to continuously assess and secure applications.
  • Experience with commercial vulnerability management tools (e.g. Tenable, Rapid7, Qualys).
  • Familiarity with applying security best practices within waterfall and agile development models, and with development automation procedures, including CI/CD pipelines.
  • Experience with web application firewall (WAF) policy management.
  • Comfortable working with a variety of technologies supporting large-scale deployments and troubleshooting solution issues; proficient in monitoring and investigating security events.
  • Experience securing applications in a cloud-based architecture.
  • Self-motivated and team-oriented, with the ability to drive initiatives under minimal supervision.
  • Minimum of 3 years’ experience as an Application Security Engineer, or comparable role.
  • Minimum of 7 years’ experience in IT, with 3 years’ experience in an information security role.
  • Bachelor’s Degree in Computer Science, Information Systems, or other relevant degree.
  • Certification in one or more areas is strongly preferred: CISSP, GIAC, OSCP, OSWE, CEH or similar.
  • Experience with DAST, SAST, SCA, network and system security testing tools.
  • Proficiency in one programming language (C#, VB.NET, Python, JavaScript preferred).
  • Experience with the NIST Cybersecurity Framework, OWASP Top 10, CWE/SANS Top 25, NIST 800-53, ISO 27001/27002, and CIS CSC.
  • Experience developing and maintaining policies, procedures, standards, and guidelines.
  • Experience working in a regulated environment.