ID: #50014213
Job type: Contract
Salary: Depends on Experience
Source: IT Associates, Inc.
Date: 2023-05-26
Deadline: 2023-07-25
Senior Application Security Engineer
Illinois, Rosemont, 60018 Rosemont USA (Contract)
Vacancy expired!
- Responsible for application security standards, assessments, and code review as part of the software development lifecycle
- Collaborate with teams to perform internal and 3rd-party vulnerability and penetration testing
- Coordinate with QA testers and developers to conduct repetitive validation testing throughout the development lifecycle
- Leverage technical application testing capabilities to qualify findings and provide more specific remediation recommendations for resolution while reducing false positives
- Focus on automation to aid in efficiencies with testing and remediation of security findings
- Leverage the security community to understand any public-facing security issues and remediations, as well as to learn new tactics that can be used in testing
- Participate in application efforts and change management processes to understand upcoming activities and provide thought leadership to ensure security processes are in place
- Drive security awareness and evaluation earlier in the development lifecycle
- Develop and leverage a technical security review process to ensure automated and repeatable processes are managed
- Utilize security standards and implementation configurations, and common security frameworks
- Align with architects and development teams for a mission of secure design
- Actively participate in and lead security team meetings that facilitate secure design
- Address service and escalation tickets within SLA expectations
- Develop security test plans from architectural design; identify deficiencies and make enhancements to ensure production is not impacted
- Work with Infrastructure and Cybersecurity teams to conduct performance testing to understand potential impacts on business innovation and day-to-day processes
- Obtain and review all required artifacts as part of go/no go analyses at security checkpoint phases in the development cycle
- Leverage secure coding standards that are based on industry-accepted best practices, such as OWASP Guide and SANS - CIS Critical Security Controls
- Perform security activities, including security design reviews, threat modeling, and code auditing on internally and externally developed software
- Assist with periodic security risk assessments, IT security audits, and management reporting
- Educate, assess, design, implement, automate, and document security solutions and processes for Amazon Web Services (AWS), Microsoft Azure, and other SaaS applications and cloud platforms
- Log and update all security incidents in the company’s ticketing system and update management regularly on the threats, mitigation plans, and status
- BA/BS in Cybersecurity, Information Technology, computer science, or related field, or professional experience related to application design, development, and cloud architecture
- Minimum 7 years’ experience with most or all of the following: Cybersecurity, Security Operations, Application Security, Q/A testing, commonly used programming tools, workflows, and concepts
- DAST/SAST/IAST solution evaluation, selection, implementation, operational use
- Microsoft Azure and Dynamics 365 roles, permissions definition, and provisioning
- Microsoft Office 365 Suite, including Word, Excel, PowerPoint, Visio, Outlook, Teams
- Experience with Agile and DevOps development principles and processes
- Understanding of all phases of product, software, and testing lifecycles
- Clear and concise verbal and written communication skills
- Excellent presentation skills
- Ability to flow smoothly between strategic planning and tactical execution
- .NET development or support experience highly preferred
- 3+ years of experience in healthcare, finance, or benefits administration
- Proficiency with a wide range of security tools such as Kali Linux, Microsoft Threat Modeling tools, Metasploit, Whitesource, other IAST/SAST/DAST tools
- Hands-on experience with Azure DevOps, GitLab or other DevOps management solutions
- Knowledgeable in SDLC, Agile and/or Waterfall methodologies
- Knowledge of threat modeling and countermeasures
- Experience with conducting Security Code Reviews
- General knowledge of databases, applications, system interfaces, and operating systems
- Understanding of relational databases, structures, and design
- Moderate SQL knowledge
- Java development or support experience
- Experience with forensics and vulnerability management systems
- Industry education and/or certifications are preferred