Position Summary:
The Application Security Engineer has strong development experience in numerous programming languages. This role is the subject matter expert (SME) for concepts behind security controls and how they apply to application development, web presence and API services. This individual is accountable for identifying weaknesses in our security posture within the application or web space while defining methods to achieve security control requirements via automation or highly efficient means that further support timely delivery with minimal overhead. They work in a team of infrastructure specialists, developers, and engineers, making sure services are delivered and used securely as required. They work with and support third parties to provide security services. The Application Security Engineer will advise and enable development and technical teams to make security decisions and provide advice and guidance, ensuring the effective use of common tools and patterns.
Primary Accountabilities:
Technical (80%)
You will become the primary security expert for multiple product lines and act as the point of contact for engineering and security.
Perform architecture reviews to steer projects in the right direction, participate in manual security code reviews, and automate security assessment testing against products prior to production.
Support engineering with implementing security fixes, ensuring security scanners are utilized correctly, and developing strategies to proactively secure their architecture.
Review development frameworks for security functionality, consistency, and uplift opportunities.
Create threat models and leverage them to prioritize time based on risk impact.
Implement and/or assess existing security controls.
Translates logical designs into physical designs. Produces detailed designs and documents all work using required standards, methods and tools, including prototyping tools where appropriate. Designs systems characterized by managed levels of risk, manageable business and technical complexity and meaningful impact. Works with well-understood technology and identifies appropriate patterns.
Project Management (20%)
Work with application development teams to ensure secure software development lifecycle (S-SDLC) implementation and validation.
Educate and train product teams.
Evaluate client needs, coordinate design for a solution, and clearly communicate the value proposition of complex and highly technical subjects.
Required Qualifications:
Bachelor’s degree in Computer Science, Information Technology or related field or equivalent work experience required. Master’s degree preferred.
3-5 years of related work experience in security engineering
Certifications preferred: CISSP, OSCP, GWAPT, GWEB, GCSA, GPCS, AWS/Azure/GCP DevOps and/or security related.
Strong experience in web and mobile application security
Strong experience in distributed platform development security and design
In-depth knowledge of web and mobile security standards and best practices (OWASP, etc.)
Strong foundation in core information security principles and concepts (HTTPS/TLS, OAuth, SAML, SSO, etc.)
Working knowledge of common software engineering languages such as Python, Golang, JavaScript, Java, etc.
Familiarity with public cloud security deployment and implementation issues (AWS, Azure, GCP)
Familiarity with audits and standards requirements such as NIST, ISO 27001, HIPAA, HITECH, GDPR, CPRA, PCI DSS, SOC 1 & 2, etc.
Proven expertise in enterprise-grade and web scale security solutions
Excellent communication skills
Ability to explain complex security topics in simple terms
Ability to lead and project manage multiple security initiatives
Identity and Access Management
Software Development Security
Aware of software development lifecycles
Aware of what software development methodologies are used in the enterprise and can explain what they mean
Familiar with DevOps and DevSecOps concepts and practices
Aware of security vulnerabilities
Familiar with secure coding practices
Familiar with common version control system/code repository operations and security practices, e.g. git
Individual Competencies:
Teamwork: Builds relationships and works cooperatively with others, inside and outside the organization, to accomplish objectives to build and maintain mutually beneficial partnerships, leverage information and achieve results.
Adaptable: Responds to change with a willingness to learn new ways to accomplish work objectives with a positive attitude.
Innovative: Ability to develop, sponsor, or support the introduction of new and improved methods, products, procedures or technologies.
Curious: A desire to inquire and learn, to seek new knowledge and wisdom, and to listen to the contributions of others with a genuine interest to better self, the team, and the organization.
Problem Solving: Gathers and analyzes information to generate and evaluate potential solutions to problems, issues and challenges while weighing the accuracy and relevance of the facts, data and information.
Communication: Giving and receiving messages and information in written, oral, and visual formats in a clear and concise way for a complete understanding of meaning and intent.
Collaboration: Works collaboratively with others to achieve group goals and objectives.
Effective Execution: Translates broad conceptual understanding of the company's strategy into a tactical plan of how it will happen including who will take on which tasks in what sequence, how long those tasks will take, how much the tasks cost, and how each task affects subsequent activities.
As an Inmar Associate, you:
Put clients first and consistently display a positive attitude and behaviors that demonstrate an awareness and willingness to listen and respond to clients in order to meet their short-term and long-term needs, requirements and exceed their expectations.
Treat clients and teammates with courtesy, consideration and tact; you also have the ability to perceive the needs of internal and external clients and communicate effectively with the objective of delighting and retaining the client.
Build collaborative relationships and work cooperatively with others, inside and outside the organization, to accomplish objectives, develop and maintain mutually-beneficial partnerships, leverage information and achieve results.
Set and attain achievable, yet aggressive, goals with a sense of urgency and accountability.
Understand that results are important and focus on turning mission into action to achieve results following the principles of Flawless Execution while consistently complying with quality, service and productivity standards to meet deadlines and exceed expectations by giving our clients the best possible outcome.
We are an Equal Opportunity Employer, including disability/vets.