IT Applications Security Engineer (Remote)

Category: IT - Infrastructure
Position Type: Regular
Location: Carrollton, Texas
Location Address: Work From Home

Job Posting

The Application Security Engineer is responsible for advancing and managing the Application Security Analytics practices. Working with teammates to ensure that best practices. Perform validation and testing of web and mobile applications to ensure products meet internal and industry standards. (NOTE: We prefer candidates near Carrollton, TX or Orlando, FL, but are open to well-qualified candidates anywhere else in the country.)

Essential Job Functions:

  • Manage the secure development lifecycle for assigned projects,
  • Provide application security expertise throughout the SDLC to project delivery teams,
  • Review static code analysis findings for vulnerabilities and provide mitigation recommendations to delivery teams,
  • Perform validation and testing of web and mobile applications to ensure products meet internal and industry standards and requirements,
  • Provide subject-matter expertise on consultation to internal business units,
  • Assist in the maintenance and enhancement of the security architecture throughout the SDLC,
  • Coordinate with IT operations and project delivery teams to ensure strong adherence to secure development lifecycle processes and procedures,
  • Perform threat modeling and rapid risk assessments on critical application and IT architectural changes,
  • Coordinate with IT operations and project delivery teams on forensic analysis on breaches and exploits,
  • Complete all security and compliance tasks assigned by the VP of Application Security

Non-Essential Job Functions:

  • Assist in the development of application security and architecture security training materials for internal use amongst IT and security staff,
  • Assist QA automation in the development of security-oriented unit tests,
  • Adopts Fairway values in personal work behaviors, decision making, contributions and interpersonal interactions,
  • Contributes to a positive work environment by demonstrating cultural expectations and influencing others to reward performance and value "can do" people, accountability, diversity and inclusion, flexibility, continuous improvement, collaboration, creativity and fun
  • Performs other duties as assigned

Required Knowledge and Skills:

  • Solid knowledge and understanding of Data Analytics processes, techniques and systems
  • Knowledge of best practices and IT operations in an always-up, always-available service
  • Experience with or knowledge of Agile Software Development methodologies
  • Excellent problem solving and troubleshooting skills
  • Process oriented with great documentation skills
  • Excellent oral and written communication skills with a keen sense of customer service

Required Education and Experience:

  • Bachelor’s Degree in Computer Science or equivalent education and work experience.
  • Cyber Security Certifications preferred (CISSP, CSSLP, GCSA, GWEB, etc.)
  • 3+ years performing security testing on web and mobile applications
  • 5+ years in various cybersecurity engineering roles
  • 3+ years of scripting or programming experience
  • 3+ years working in a DevOps or Agile environment
  • Experience with DevOps tools such as Azure Pipelines, Jenkins, AWS
  • Experience with secure application architecture
  • Strong working knowledge of SAST and DAST tools including SonarQube, ZAP, Burp Suite, etc.
  • Working experience in cloud-native application development landscapes (Azure preferred but not necessary)
  • Knowledge of industry standards such as FedRAMP, ISO 27001, OWASP, CWE
  • Experience applying security best practices in an agile development environment
  • Working knowledge of Python or Bash scripting
  • Ability to explain the differences between XSS, CSRF, Code Injection, MiTM, and Rainbow Table attacks
  • Experience explaining technical and security concepts to technical and non-technical people
  • Experience using modern secure development frameworks such as Microsoft SDL, OWASP SAMM 2, ASVS, and MASVS
  • Experience with Windows and Linux systems administration
  • Working knowledge of OAuth2, SAML, OIDC
  • Experience with containers and serverless technologies
