Application Security Engineer *REMOTE AVAILABLE*
- Work with app teams to define zero trust templates as part of the engineering lifecycle
- Implementing Web Application Firewalls for new applications
- Optimize perimeter defense by tuning WAF policies based on attack vectors and new threats
- Perform on-going application security testing and code review to improve software security
- Provide engineering designs to mitigate security vulnerabilities
- Consult with engineering teams on secure coding practices
- Build strong relationships with application/development teams
- Interpreting the results of penetration tests and security scans to provide risk-based recommendations for remediation
- Recommending best practices for security in application design and development
- Consulting with development teams on security readiness for deployment
- Coordinating penetration tests for SaaS applications
- Ensures teams are validating for OWASP and performing industry leading application security practices
REQUIRED KNOWLEDGE & SKILLS:
- Secure software development, with a minimum of 2 years in distributed systems or data platform systems
- Experience in web application security and SSDLC practices
- Application security experience with high level programming languages (e.g., Java, C, C++, C#, VB, .NET, ASP.NET, ASP, PHP, J2EE, JSP, Python)
- Hands-on experience with databases and query design is a plus
- Excellent engineering-level understanding of web applications, web servers, layer 7 application technologies, frameworks, and protocols
- Superb communication skills, with the ability to influence at all levels of the organization, are essential to success
- F5, Citrix, Imperva, Mod Security or other Web Application Firewall Technologies.
- Experience in enterprise application development and design, including REST APIs, database, messaging, and search technologies
- Ability to manage multiple tasks simultaneously and meet established deadlines.
- Education: Bachelor’s Degree in Computer Science or related field preferred. Relevant experience and certifications acceptable.
- Experience: 5+ years of relevant experience preferred
- Certification/Licensure: OSCP Certified, E-CEH, CISSP or Like.
- Software/Hardware: Linux, Windows, Burp Suite, nmap, Tenable vulnerability scanning, Wireshark, Rapid 7
The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor’s legal ability to furnish information. 41 CFR 630-1.35.