Application Security Engineer
  • SmartIPlace Inc
86 Days Ago
New City-NY
7-10 Years
Required Skills: Java, C#, C++, SSDLC, Threat Modelling
Job Description
  • Proactively identify and resolve security risks, issues and incidents.
  • Evaluate and assess information risk, and remediate identified vulnerabilities within the ecosystem.
  • Report on findings and recommendations for corrective action.
  • Perform assigned vulnerability assessments utilizing enterprise security tools and methodologies.
  • Perform assessments of IT security/risk posture within the IT network, systems and software applications.
  • Drive security mitigation efforts through identification of opportunities to reduce risk and document remediation options regarding risk scenarios.
  • Facilitate and monitor performance of risk remediation tasks.
  • Design security solutions to address security vulnerabilities and weaknesses
  • Continuously update the monitoring environment and tools in order to provide the correct level of insight into the environment
  • Technical point of contact for product teams as it relates to automation, CI/CD, and Product Application Security Operations.
  • Build tools and automation scripts that enable developers to easily consume security services delivered by Security Engineering and Automation team.
REQUIRED EXPERIENCE:
  • 7+ years of experience in application security roles with increasing responsibility.
  • 5+ years of experience in an enterprise technology environment, with responsibilities across operations, networking, systems and infrastructure architecture, or other applicable technical areas.
  • 3+ years of experience in a Security Operations Center or Continuous Monitoring role
  • 3+ years of experience in Web Application Security, SSDLC and Threat Modelling.
  • Prior hands-on experience with Software Development Java / C# / C++.
  • Experience with a variety of Continuous Monitoring and vulnerability scanning tools.
  • Must have hands-on infrastructure security skills including firewall, SIEM, IDS/IPS, server and OS hardening, malware detection, physical security, transport and at-rest encryption on file systems, DB, and other data persistence mechanisms.
  • Experience in managing application security testing tools like SAST, DAST and Open Source Vulnerability Scanning
  • Prior experience implementing SOX, PCI, ISO, NIST 800-53, NIST CSF,
  • SonarQube, Snyk, Qualys, Wiz.
  • DEEP understanding of OWASP Top 10 and CWE 25, with a proven track record and experience in implementing and integrating remediation strategies.
  • Excellent written and verbal communication skills — including the ability to effectively communicate security- and risk-related concepts to technical and nontechnical audiences — and strong interpersonal and collaborative skills
  • Self-motivated; able to work independently; able to negotiate and bring consensus to diverse priorities of product development and solution teams
  • Strong preference for certifications from ISC2, SANS, ISACA, or other recognized security professional credentialing organizations.
  • Bachelor's degree in information systems, engineering or equivalent work experience, preferably Information System management / Computer Science / Information Security or a related technical discipline.
  • MUST live in the NYC area and be able to work onsite in NYC 1-2 times per quarter.
