Senior Application Security Engineer

Location: Remote, USA

Salary Compensation: $180K/yr. – $220K/yr.

Email Address: usa@oscartemple.com (send your resume to this address with the job title as the subject)

Industry: Financial Services

Summary:

Responsible for integrating security into the development of applications, the Application Security Engineer will work closely with the product and software development team to threat model, vulnerability scan, and pen test the early software, system, and network architecture and identify required control points in the application stack. The engineer will work closely with developers to diagnose, document, and remediate application security vulnerabilities, and is responsible for evaluating, recommending, and implementing application-security-related software in an automated continuous integration/deployment environment.

Responsibilities:

  • Develop a security framework, establish a software security assurance process, and work with product delivery teams to build applications securely from start to finish
  • Work closely with application development and platform teams to help formulate and implement a strategy for software security that is tailored to the specific risks facing the organization, including threat modeling and application security advisory services
  • Develop and maintain a balanced application security program based on a well-defined application security framework
  • Conduct application security assessments / penetration tests and implement tools for dynamic/automated code reviews
  • Ensure application design and implementation follow best practice, with role-based and appropriate access standards, as well as integration with Identity and Access Management environments
  • Ensure compliance with society, regulatory, and industry standards for application security
  • Continuously evaluate the organization’s existing application security practices, define and measure security-related activities, and demonstrate concrete improvements
  • Provide secure application development training to developers and provide guidance on the development of web-based training for ongoing awareness
  • Conduct code reviews and penetration testing
  • Develop and maintain unit and integration tests designed to ensure security controls are tested on every build

Qualifications:

  • Minimum of 6 years of experience as an Application Security Engineer, Application Developer, Architect, or DevOps Engineer
  • Previous experience within the finance industry
  • Hands-on experience with various application security tools such as Micro Focus Fortify, WhiteSource, Contrast Security
  • Highly proficient with development languages including C#, .NET, Java, Node.js, SQL
  • Hands-on experience working in Azure DevOps Services, including creation and execution of CI/CD pipelines
  • Strong build automation experience, including YAML and PowerShell
  • Must possess a strong understanding of application security frameworks and possess thorough knowledge of the OWASP Top 10
  • Solid understanding of application security code reviews and penetration testing
  • Practical understanding and use of commercial application security tools
  • Strong self-starter who has the ability to operate independently
  • Solid understanding of and experience with establishing application security policies across an organization
  • Must possess effective verbal and written communication skills, with the ability to communicate effectively with senior executive leadership; proficiency in preparing presentations, analytical reports, and documents regarding program operational status, achievement, and performance
  • Understanding of and passion for Agile/XP/Scrum/Kanban, and understanding of Continuous Integration/Testing/Delivery
  • Proficient in Microsoft Office (Word, Excel, Outlook, PowerPoint)

Job Location: Remote
