Application Security Engineer - Remote Position
Steward Health Care is currently seeking an Application Security Engineer. This position will be remote.
This position performs hands-on (white/grey/black box), end-to-end application security assessments, including source code reviews, vulnerability scans, manual penetration tests and possibly lean threat modeling or design reviews.
This position will provide security expertise and technical leadership while collaborating with security specialists, program managers, developers and all levels of management to execute on strategic and tactical goals to improve security of applications, software code, and infrastructure.
Required Knowledge & Skills:
- Strong knowledge of information security components, principles, practices, and procedures
- Strong background in application security, manual penetration test, source code audit, secure software development lifecycle and vulnerability remediation
- Strong experience in dynamic scanners like Rapid7 AppSpider and Acunetix, static code analyzers like Checkmarx, open-source library scanners like Snyk, and manual penetration test tools like Burp
- Experience working with major cloud environments
- Must know Python and/or PowerShell
- Proven experience in web application, service-oriented architectures, infrastructure, and internet security along with a general understanding of common operating systems, networking protocols, database, and application development
- organizations with increasing focus on security practices
- Recommend innovative solutions to solve security concerns
- Strong understanding of OWASP Top 10 and other similar frameworks
Preferred Knowledge & Skills:
- Experience in security architecture review and threat modeling techniques
- Automation, configuration management, and developing infrastructure as code
- Be proactive in tracking information security trends, standards, and practices to identify needs for enhancing or developing security solutions
- Experience in identifying security considerations for design and deployment of new applications, technologies, and solutions across the enterprise
- Ability to present technical information to executives in a non-technical manner
- Promote awareness of applicable security policies and standards
- Industry security and systems certifications
- Knowledge of Web Application Firewalls.
- Familiar with Agile.
- Experience developing applications with complex requirements.