Application Security Engineer - REMOTE
Location: Steward Health Care
Posted Date: 4/14/2021
In this role, you will work closely with development teams across platform engineering to ensure our applications are secure. We are looking for a skilled application security engineer to analyze software designs and implementations from a security perspective and identify and resolve security issues. You will perform security analysis and implement controls to ensure we provide robust and reliable software.
- Work with app teams to define zero trust templates as part of the engineering lifecycle
- Implement Web Application Firewalls for new applications
- Optimize perimeter defense by tuning WAF policies based on attack vectors and new threats
- Perform ongoing application security testing and code review to improve software security
- Provide engineering designs to mitigate security vulnerabilities
- Consult with engineering teams on secure coding practices
- Build strong relationships with application/development teams
- Interpret the results of penetration tests and security scans to provide risk-based recommendations for remediation
- Recommend best practices for security in application design and development
- Consult with development teams on security readiness for deployment
- Coordinate penetration tests for SaaS applications
- Ensure teams are validating for OWASP and performing industry-leading application security practices
REQUIRED KNOWLEDGE & SKILLS:
- Secure software development, with a minimum of 2 years in distributed systems or data platform systems
- Experience in web application security and SSDLC practices
- Application security experience with high-level programming languages (e.g., Java, C, C++, C#, VB, .NET, ASP.NET, ASP, PHP, J2EE, JSP, Python)
- Hands-on experience with databases and query design is a plus
- Excellent engineering-level understanding of web applications, web servers, layer 7 application technologies, frameworks, and protocols
- Superb communication skills, with the ability to influence at all levels of the organization, are essential to success
- F5, Citrix, Imperva, ModSecurity or other Web Application Firewall technologies
- Experience in enterprise application development and design, including REST APIs, database, messaging, and search technologies
- Ability to manage multiple tasks simultaneously and meet established deadlines
- Education: Bachelor’s Degree in Computer Science or related field preferred. Relevant experience and certifications acceptable.
- Experience: 5+ years of relevant experience preferred
- Certification/Licensure: OSCP Certified, E-CEH, CISSP or similar
- Software/Hardware: Linux, Windows, Burp Suite, Nmap, Tenable vulnerability scanning, Wireshark, Rapid7