Application Security Engineer

Equifax   •  

Alpharetta, GA

5 - 7 years

Posted 279 days ago

This job is no longer available.

In this role, the Application Security Engineer will

  • Analyze source code of applications written in common programming languages (Java, .NET) with a focus on secure coding practices and principles.
  • Build frameworks/toolsets to probe the applications and expose security flaws.
  •  Leverage commercial and open source toolsets to perform static and dynamic analysis on internally and externally developed applications, and effectively communicate findings to development teams.
  • Perform on-going security testing and code review to improve software security.
  • Assist with engineering designs for new software solutions to help mitigate security vulnerabilities.
  •  Work in tandem with internal and external developers to establish secure software development life cycle procedures.

Additional responsibilities of the Senior Application Developer include:

  • Use the right tools for the job
  • Explore new ideas and find ways to improve software engineering practices across the entire team
  • Ensures software development standards, enterprise patterns and components are utilized in software development projects.
  • Strong analytic skills and able to interpret complex information and adapts as needed.
  • Participate in business continuous improvement efforts and provide guidance and direction to distributed teams, including onshore and offshore resources.
  • Responsible for creating and maintaining all technical artifacts
  • Manages workload effectively and reports status of tasks and risks in a timely manner.
  • Creating tools or frameworks that engineers(love to) use and that improve security
  • Working to identify areas of security weakness
  • Improving data security through use of encryption/key management, segregation or other techniques
  • Finding ways to improve defense-in-depth
  • Helping engineers design more secure systems via design input or code review
  • Write code to break code(applications)

Required Skills:

  • 5+ years of experience and demonstrated proficiency in software design and development methodologies and management techniques.
  • Detailed technical knowledge of techniques, standards and state-of-the art capabilities surrounding authorization, applied cryptography, security vulnerabilities and remediation.
  • Software development experience in  Java, Java frameworks (Spring Hibernate, ORMs like Hibernate and/or iBATIS
  • Knowledge on UI framework like Angular JS, Struts, JSF
  • CI/CD:  Maven, Jenkins or similar tools.
  • Application container like Wesphere and tomcat.
  • .NET experience is a plus
  • Adequate knowledge of web related technologies (web applications, web services, and service oriented architectures) and of network/web related protocols.
  • Basic concepts of common security frameworks (ISO, NIST, HITRUST).
  • Basic concepts of varying industry data standards (PCI, HIPAA, etc.).
  • Have a strong understanding of OWASP Top 10 and similar frameworks.
  • Experience with Agile/SCRUM software development models.
  • Be self-motivated and capable of self-learning to maintain a working knowledge of the ever-changing software development landscape as well as security trends in the industry.
  • Able to contribute in a team environment with other team members with varying skills, experience and locations.
  • Able to communicate technical decisions and recommendations effectively with technical and non-technical audiences through verbal and written communications that lead to actionable and measurable improvements.
  • Excellent analytical and multitasking skills.
  • Strong understanding of application security
  • Experience as developer ideally in Java
  • Pen testing experience