Senior Application Security Engineer - Remote
- Employer
- ALTA IT Services, LLC
- Location
- Chevy Chase, MD
- Closing date
- Sep 28, 2022
View more
- Industry
- Maintenance and Repair
- Function
- IT
- Hours
- Full Time
- Career Level
- Experienced (Non-Manager)
You need to sign in or create an account to save a job.
Ideal candidate will be key to driving threat modeling, secure coding and SSDLC efforts. You'll work on complex platform security projects both independently and collaboratively in an agile environment. Role requires a strong background in security as it relates to platform infrastructure, application security, and other aspects of network/cloud infrastructure security.Candidate will have software architecture experience and strong application security skills, will be responsible for implementing the highest level of security standards across the company's product stack.Duties:A cents € cents Transform organizational and process challenges to achieve results that drive complex security efforts for internal and external customers.A cents € cents Develop and implement workflows to automate security testing/vulnerability detection for the software development lifecycle; design, implement, and maintain tooling to secure self-service infrastructure.A cents € cents Lead threat modeling program with enterprise architects, integrating the program and its processes into the SDLC.A cents € cents Experience implementing and continuously improving AppSec tools such as Static Application Security Tests (SAST), Dynamic Application Security Testing (DAST) and Software Composition Analysis (SCA), secrets, container, IaC and fuzz scanning.A cents € cents Working with the application teams to ensure that application security risks are effectively identified using market leading commercial and open-source tools (SAST, DAST, SCA etc.).A cents € cents Provide vulnerability remediation and mitigation guidance that maintains a balance between security and business objectives.A cents € cents Advanced understanding of tooling integrations that support agile, CI/CD, and DevSecOps methodologies.A cents € cents Must have a mindset of continuous improvement of people, processes and technology.A cents € cents Engage with product owners, project managers and developers to conduct security reviews, identify risks and conform to organizational remediation/mitigation timelines.A cents € cents Provide technical leadership by mentoring junior team members and act as a subject matter expert for application security issues.A cents € cents Support compliance programs - PCI, NIST CSF, ISO 27001, and SOX via the development, implementation and governance of common controls for products and infrastructure.Requirements:A cents € cents Bachelor's Degree in Software Engineering, Computer Science, Cybersecurity, or related field is preferred.A cents € cents 5+ years of relevant experience in Application Security or secure development.A cents € cents Experience with multiple modern programming languages; C#, JavaScript, Swift, Kotlin, and/or Python.A cents € cents Working knowledge of cloud native security best practices (AWS, Azure, containers, Kubernetes, etc.)A cents € cents Able to work both independently as well with architecture and development teams. A strong ability to multi-task effectively in a high-paced environment is critical to success.A cents € cents Excellent written and oral communication skills, as well as social skills including the ability to articulate to both technical and non-technical audiences.A cents € cents Relevant professional certifications preferred (eg CISSP, CSSLP, CASE, AZ-305, AZ-400, AZ-500, etc.)SDL2017
You need to sign in or create an account to save a job.
Get job alerts
Create a job alert and receive personalized job recommendations straight to your inbox.
Create alert