Security Engineer E7

Enlightened, Inc.

$120K — $150K *
Information Technology
5 - 7 years of experience
Job Overview by Ladders

Qualifications

  • 7+ years of experience in Cyber Security.
  • 3+ years of application security experience.
  • Familiarity with NIST 800-53 rev. 4 standards.
  • Experience in vulnerability testing and security auditing.
  • Prior experience in code auditing and application penetration testing.
  • Knowledge of secure development practices like OWASP Top Ten.
  • Experience with common Application Security Tools such as Fortify and AppScan.
  • Understanding of security flaws and their resolutions listed by resources like SANS and OWASP.

Responsibilities

  • Perform threat modeling, vulnerability analysis, and penetration testing.
  • Provide expert consultancy on risk assessment and threat mitigation.
  • Design and implement security-focused tools and services for applications.
  • Write technical reports based on security findings and plans.
  • Identify and propose solutions for security vulnerabilities in applications.
  • Suggest secure design improvements to enhance application security posture.
  • Maintain up-to-date knowledge of current vulnerabilities and mitigation techniques.

Benefits

  • Opportunities for professional development and certifications.
  • Collaboration with cross-functional teams including development and engineering.
  • Access to a dynamic and engaged team environment.
  • Involvement in shaping security best practices and frameworks.
  • Potential to influence application design and security strategy.
Full Job Description
The Security Engineer will work with development teams to carry out Application Security reviews and compliance guidelines. This role ensures that adequate and effective security processes, controls, and lifecycles are followed and aligned to deliver application security best practices and frameworks in order to follow the security policy and regulatory requirements. The Application Security Engineer supports the information security and compliance program, establishing appropriate assessments, managing and tracking risk mitigation and remediation activities.

DUTIES AND RESPONSIBILITIES:
  • Perform threat modeling, vulnerability analysis, penetration testing, code review, and SDLC support
  • Provide expert advice and consultancy to customers on risk assessment, threat modeling and fixing vulnerabilities.
  • Design, implement and support security-focused tools and services.
  • Write technical reports (e.g. based on findings, System Security Plans)
  • Identify security vulnerabilities in applications
  • Offer solutions to discovered vulnerabilities
  • Suggest secure design techniques to management and customers to improve application security posture
  • Prepare reports on project progress and present results to the customer and management
  • Maintain current knowledge of relevant vulnerabilities and mitigation techniques
  • Perform comprehensive code reviews
  • Provide consultancy for Product development, Engineering & Operations team on technical security issues and remediation.

REQUIRED SKILLS:
  • 7+ years of experience in Cyber Security.
  • 3+ years of experience in application security.
  • Working knowledge of NIST 800-53 rev. 4
  • Experience in vulnerability testing and auditing
  • Prior code audit / application penetration testing
  • Knowledge of secure development practices and techniques (e.g. OWASP Top Ten)
  • Knowledge of and experience working with common Application Security Tools (e.g. Fortify, AppScan, WebInspect)
  • Knowledge of security flaws and its resolution as listed in sites like OWASP, SANS, etc.
  • Well versed with common web application and cloud security flaws and exploitation techniques as put forth by sources such as the SANS, OWASP Top 10 and Cloud Security Alliance (CSA)

DESIRED SKILLS:
  • Experience as a .Net or Java developer.
  • Languages experience: Java/C#, T-SQL, JavaScript, HTML
  • Experience and knowledge of industry IDS/IPS, logging, vulnerability, monitoring, firewall technology, wireless security, Anti-virus protection, OS patching, data loss prevention and SIEM technology and solutions
  • Nice to have one or more of following Certification(s): GIAC Certified Web Application Defender (GWEB), GIAC Secure Software Programmer-Java (GSSP-JAVA), GIAC Web Application Penetration Tester (GWAPT), Certified Ethical Hacker (CEH), Certified Secure Software Lifecycle Professional (CSSLP)


Similar Jobs

More Jobs at Enlightened, Inc.

  • Security Engineer E7
    $120K — $150K *
    Washington, DC 20011 (District Of Columbia County)
    Information Technology
    In-Person
  • Systems Architect
    $120K — $150K *
    Washington, DC 20011 (District Of Columbia County)
    Information Technology
    In-Person
  • Staff Accountant Lead E7
    $75K — $95K *
    Washington, DC 20011 (District Of Columbia County)
    Finance & Insurance
    In-Person
  • Contact Center Project Analyst
    $75K — $95K *
    Jersey City, NJ 07305 (Hudson County)
    Business Services
    In-Person
  • Healthcare Project Manager
    $90K — $120K *
    Fort Washington, MD 20744 (Prince Georges County)
    Healthcare
    In-Person

More Information Technology Jobs

Find similar Security Engineer E7 jobs: