Tallahassee, FL, USA
icrunchdata Network
Application Security Engineer II

As a member of the One Call (OC) IT Security Operations (SecOps) team, the Application Security Engineer position is responsible for onboarding and maintaining vulnerabilities discovered via scanning tools and manual reviews. The Application Security Engineer will work closely with Application Directors, Quality Assurance Analysts, Development Operations (DevOps) Engineers, Executive level leadership and Business sponsors.

GENERAL DUTIES & RESPONSIBILITIES:

Assist in evaluating, planning, configuration, and implementation of new/existing security applications/tools
Systematically address application security issues and develop secure coding practices for multiple development teams
Integration of application authentication, encryption, authorization, and access control
Provide mitigation strategies for applications from a secure coding perspective
Utilize application security scanning tools such as Burpsuite/Fortify to interpret reports and validate identified vulnerabilities and associated risks
Utilize source code scan tools to assist application development teams to apply the best practice for application security and catch potential vulnerabilities at an early stage
Proactively work with team members to address security and compliance issues
Provide education and assistance to application developers for applying Security Software Development Life Cycle
Collaborate with development teams to prioritize and remediate vulnerabilities throughout the application lifecycle

EDUCATIONAL REQUIREMENTS:

A Bachelor’s degree in Computer Science or related engineering field with training in software security or the equivalent combination of education, training, or work experience

GENERAL KNOWLEDGE, SKILLS & ABILITIES:

Strong software engineering background with extensive experience working in complex enterprise environments implementing software development lifecycles
Experience in HTML, CSS, and JavaScript
Extensive experience in addressing web application security issues, such as those outlined in OWASP Top 10 and CWE/SANS Top 25
Strong knowledge of application security throughout the software lifecycle
Experience developing secure coding practices with C#, Asp.Net (MVC and WebForms), HTML/CSS, SQL Server
Strong knowledge and experience in securing an application’s integration with relational database management systems such as MS SQL
Experience with Azure pipelines
Proven ability to ensure applications are secure throughout the software lifecycle
Ability to perform manual and automated testing to identify vulnerabilities (BurpSuite Pro, Fiddler, Netsparker, etc.)
Knowledge of security in both Linux and Windows environments as it pertains to Web application hosting, middleware (IIS, Apache, Tomcat, PHP, ColdFusion, Ajax), and databases (Oracle, MySQL, MS SQL Servers)
Experience with the development, deployment, and automation of application security solutions in an enterprise cloud-based environment
Experience in DevOps environments and maintaining security in CI/CD processes highly desired
Solid understanding of Microsoft Azure architecture and services
Demonstrated proficiency in ethical hacking and whitehat penetration testing techniques
In-depth knowledge of web application architecture, API development, and MVS frameworks required
Proven ability to manage priorities & deadlines and to work independently in a highly dynamic and diverse environment with multiple concurrent projects happening simultaneously
Experience in creating detailed solution design documents & diagrams
Demonstrated experience in investigating security issues related to web application exploits, credential stealing and authentication-based exploits
Knowledge of technical security control environments and compliance frameworks including CSA CCM, ISO 270001 and SOC 2
Software Security Certifications, such as Certified Secure Software Lifecycle Professional (CSSLP), are strongly preferred
Security related certifications, such as CISSP, GIAC, CSSLP, or CEH, are a plus
Excellent communication skills including presentation and documentation
Strong capability in evaluating application security related products

Intermediate professional role. Moderate skills with high level of proficiency. Develops and implements solutions that require analysis and research. Works on small to large, complex projects that require increased skill in multiple technical environments. Possesses knowledge in a specific business area. Works on one or more projects as a team member or occasionally as a project lead. May coach more junior technical staff. Works under general supervision with latitude for independent judgment. May consult with senior peers on certain projects. Typically requires three (3) or more years of experience. Typically reports to an IT Security Manager.