The Security Engineer will work with development teams to carry out Application Security reviews and compliance guidelines. This role ensures that adequate and effective security processes, controls, and lifecycles are followed and aligned to deliver application security best practices and frameworks in order to follow the security policy and regulatory requirements. The Application Security Engineer supports the information security and compliance program, establishing appropriate assessments, managing and tracking risk mitigation and remediation activities.
DUTIES AND RESPONSIBILITIES:- Perform threat modeling, vulnerability analysis, penetration testing, code review, and SDLC support
- Provide expert advice and consultancy to customers on risk assessment, threat modeling and fixing vulnerabilities.
- Design, implement and support security-focused tools and services.
- Write technical reports (e.g. based on findings, System Security Plans)
- Identify security vulnerabilities in applications
- Offer solutions to discovered vulnerabilities
- Suggest secure design techniques to management and customers to improve application security posture
- Prepare reports on project progress and present results to the customer and management
- Maintain current knowledge of relevant vulnerabilities and mitigation techniques
- Perform comprehensive code reviews
- Provide consultancy for Product development, Engineering & Operations team on technical security issues and remediation.
REQUIRED SKILLS:- 7+ years of experience in Cyber Security.
- 3+ years of experience in application security.
- Working knowledge of NIST 800-53 rev. 4
- Experience in vulnerability testing and auditing
- Prior code audit / application penetration testing
- Knowledge of secure development practices and techniques (e.g. OWASP Top Ten)
- Knowledge of and experience working with common Application Security Tools (e.g. Fortify, AppScan, WebInspect)
- Knowledge of security flaws and its resolution as listed in sites like OWASP, SANS, etc.
- Well versed with common web application and cloud security flaws and exploitation techniques as put forth by sources such as the SANS, OWASP Top 10 and Cloud Security Alliance (CSA)
DESIRED SKILLS:- Experience as a .Net or Java developer.
- Languages experience: Java/C#, T-SQL, JavaScript, HTML
- Experience and knowledge of industry IDS/IPS, logging, vulnerability, monitoring, firewall technology, wireless security, Anti-virus protection, OS patching, data loss prevention and SIEM technology and solutions
- Nice to have one or more of following Certification(s): GIAC Certified Web Application Defender (GWEB), GIAC Secure Software Programmer-Java (GSSP-JAVA), GIAC Web Application Penetration Tester (GWAPT), Certified Ethical Hacker (CEH), Certified Secure Software Lifecycle Professional (CSSLP)