Sr. Application Security Engineer
Contract to hire or Direct Hire
SMART IT People is seeking a Senior Application Security Engineer to lead and implement an enterprise strategy on application security, and partner with various technical teams to ensure this strategy is carried out. We are looking for secure source code analysis. We need analysts who can review code and find vulnerabilities within the code, both manually and using Veracode.
- Minimum 7 years' experience in information security.
- Proven experience in application security, with some experience in developing web and mobile applications.
- Comfortable with scripting (PowerShell, Python, etc.).
- Familiarity with static code analysis platforms such as Veracode or HP Fortify. •
- Understanding and experience in securing OW ASP Top 10 with substantial knowledge in mitigating XSS, SQL injection, and CSRF.
- Strong understanding of the HTTP protocol
- Proven experience with information security best practices.
- Proven project management and organizational skills, specifically managing multiple, concurrent projects.
- Strong interpersonal, written, and oral communication skills.
- Highly self-motivated and directed professional, with keen attention to detail.
- Excellent analytical, problem-solving and decision-making abilities.
- Able to effectively prioritize tasks in a high-pressure environment.
- Strong customer service and solution-focused orientation.
- Experience working in a team-oriented, collaborative environment.
- Bachelor's or Master's Degree in Information Systems, Computer Science or related discipline is highly desired.
- CISSP certification desired.
- Prior contribution to the broader security community (research, CVE's, etc.)
- Experience with Node.js
- Understanding of industry standards and compliance requirements related to information security and application security-especially ISO 27001, HIPAA, and PCI DSS.
- Partner with application development and other technical teams to perform security architecture reviews.
- Conduct application security assessments and perform source code reviews in order to identify vulnerabilities; advise on mitigation solutions.
- Articulate and highlight common threats and vulnerability vectors to application security, including denial of service, buffer overflows, and input validation. •
- Perform web application security testing using manual and automated tools (Burp Suite, etc.).
- Act as a subject matter expert on Java and .NET security architecture.
- Ensure security is being adhered to at each stage of the Software Development Lifecycle (SDLC).
- Assess business requirements and use cases in order to facilitate the adoption of application security controls.
- Develop secure coding standards and evangelize to appropriate technical staff.
- Work closely with team members from Risk Management and Compliance in order to understand external compliance requirements.
- Represent the interests of the broader Information Security team to other technical staff and business stakeholders.
- Develop and share application security expertise within the broader Information Security team.
- In partnership with the broader Information Security team, research and recommend emerging security technologies/tools to address current and future threats.
- Provide guidance for security remediation to business and IT partners by conducting technical risk assessments (includes vulnerability assessment).
- Participate in security incident handling and investigations as required.
- Interact and manage vendors, outsourcers, and contractors regarding security products and services.
- Manage and/or provide guidance to junior members of the team.
To apply, please send resume in MS Word resume to: email@example.com with job title in subject line.