Job Description: Senior Application Security Engineer
Laboratory Corporate of America (LCA) is seeking a Senior Application Security Engineer to join the
Office of Information Security, reporting to the Director of Security Engineering and Innovation. The
Senior Application Security Engineer will lead and implement an enterprise strategy on application
security, and will partner with various technical teams to ensure this strategy is carried out. The Senior
Application Security Engineer will also work closely with other security staff and represent the interests
of the broader Information Security team to the rest of the enterprise.
- Partner with application development and other technical teams to perform security architecture
- Conduct application security assessments and perform source code reviews in order to identify
vulnerabilities; advise on mitigation solutions.
- Articulate and highlight common threats and vulnerability vectors to application security, including
denial of service, buffer overflows, and input validation.
- Perform web application security testing using manual and automated tools (Burp Suite, etc.).
- Act as a subject matter expert on Java and .NET security architecture.
- Ensure security is being adhered to at each stage of the Software Development Lifecycle (SDLC).
- Assess business requirements and use cases in order to facilitate the adoption of application security
- Develop secure coding standards and evangelize to appropriate technical staff.
- Work closely with team members from Risk Management and Compliance in order to understand
external compliance requirements.
- Represent the interests of the broader Information Security team to other technical staff and business
- Develop and share application security expertise within the broader Information Security team.
- In partnership with the broader Information Security team, research and recommend emerging
security technologies/tools to address current and future threats.
- Provide guidance for security remediation to business and IT partners by conducting technical risk
assessments (includes vulnerability assessment).
- Participate in security incident handling and investigations as required.
- Interact and manage vendors, outsourcers, and contractors regarding security products and services.
- Manage and/or provide guidance to junior members of the team.
- Minimum 5 years' experience in information security.
- Proven experience in application security, with some experience in developing web and mobile
- Comfortable with scripting (PowerShell, Python, etc.).
- Familiarity with static code analysis platforms such as Veracode or HP Fortify.
- Understanding and experience in securing OWASP Top 10 with substantial knowledge in mitigating
XSS, SQL injection, and CSRF.
- Strong understanding of the HTTP protocol.
- Proven experience with information security best practices.
- Proven project management and organizational skills, specifically managing multiple, concurrent
- Bachelor's or Master's Degree in Information Systems, Computer Science or related discipline is
- CISSP certification desired.
- Prior contribution to the broader security community (research, CVEs, etc.).
- Experience with Node.js.
- Understanding of industry standards and compliance requirements related to information security and
application security, especially ISO 27001, HIPAA, and PCI DSS.
- Strong interpersonal, written, and oral communication skills.
- Highly self-motivated and directed professional, with keen attention to detail.
- Excellent analytical, problem-solving and decision-making abilities.
- Able to effectively prioritize tasks in a high-pressure environment.
- Strong customer service and solution-focused orientation.
- Experience working in a team-oriented, collaborative environment.
Requisition Number 17-83438