Sr. Applications Security Engineer

5 - 7 years experience  •  Patient Care

Salary depends on experience
Posted on 11/22/17
Burlington, NC

Job Description

Job Description: Senior Application Security Engineer

Laboratory Corporate of America (LCA) is seeking a Senior Application Security Engineer to join the
Office of Information Security, reporting to the Director of Security Engineering and Innovation. The
Senior Application Security Engineer will lead and implement an enterprise strategy on application
security, and will partner with various technical teams to ensure this strategy is carried out. The Senior
Application Security Engineer will also work closely with other security staff and represent the interests
of the broader Information Security team to the rest of the enterprise.

Responsibilities:

  • Partner with application development and other technical teams to perform security architecture
    reviews.
  • Conduct application security assessments and perform source code reviews in order to identify
    vulnerabilities; advise on mitigation solutions.
  • Articulate and highlight common threats and vulnerability vectors to application security, including
    denial of service, buffer overflows, and input validation.
  • Perform web application security testing using manual and automated tools (Burp Suite, etc.).
  • Act as a subject matter expert on Java and .NET security architecture.
  • Ensure security is being adhered to at each stage of the Software Development Lifecycle (SDLC).
  • Assess business requirements and use cases in order to facilitate the adoption of application security
    controls.
  • Develop secure coding standards and evangelize to appropriate technical staff.
  • Work closely with team members from Risk Management and Compliance in order to understand
    external compliance requirements.
  • Represent the interests of the broader Information Security team to other technical staff and business
    stakeholders.
  • Develop and share application security expertise within the broader Information Security team.
  • In partnership with the broader Information Security team, research and recommend emerging
    security technologies/tools to address current and future threats.
  • Provide guidance for security remediation to business and IT partners by conducting technical risk
    assessments (includes vulnerability assessment).
  • Participate in security incident handling and investigations as required.
  • Interact and manage vendors, outsourcers, and contractors regarding security products and services.
  • Manage and/or provide guidance to junior members of the team.

Requirements

Qualifications:

Minimum Required:

  • Minimum 5 years experience in information security.
  • Proven experience in application security, with some experience in developing web and mobile
    applications.
  • Comfortable with scripting (PowerShell, Python, etc.).
  • Familiarity with static code analysis platforms such as Veracode or HP Fortify.
  • Understanding and experience in securing OWASP Top 10 with substantial knowledge in mitigating
    XSS, SQL injection, and CSRF.
  • Strong understanding of the HTTP protocol.
  • Proven experience with information security best practices.
  • Proven project management and organizational skills, specifically managing multiple, concurrent
    projects.

Preferred Skills:

  • Bachelor's or Master's Degree in Information Systems, Computer Science or related discipline is
    highly desired.
  • CISSP certification desired.
  • Prior contribution to the broader security community (research, CVEs, etc.).
  • Experience with Node.js.
  • Understanding of industry standards and compliance requirements related to information security and
    application security, especially ISO 27001, HIPAA, and PCI DSS.
  • Strong interpersonal, written, and oral communication skills.
  • Highly self-motivated and directed professional, with keen attention to detail.
  • Excellent analytical, problem-solving and decision-making abilities.
  • Able to effectively prioritize tasks in a high-pressure environment.
  • Strong customer service and solution-focused orientation.
  • Experience working in a team-oriented, collaborative environment.

Requisition Number 17-83438
