Application Security Engineer Engineering - Indianapolis, IN at Geebo

Application Security Engineer

Our client, a government-sponsored bank, is seeking an Application Security Engineer.

Location: Indianapolis, IN
Position Type: IT Full Time

Job Summary:
The Application Security (AppSec) Analyst works closely with Bank management and members of the Information Security Department to execute a Bank-wide application security management program.
This position is responsible for identifying, evaluating, and reporting on application security risks in a manner that meets compliance and regulatory requirements, and aligns with and supports the risk posture of the enterprise.
The following statements are intended to describe the general nature and level of work being performed by persons assigned to the job.
They are not intended to be an exhaustive list of all responsibilities or abilities required of persons so classified.
The Bank reserves the right to alter or amend this description at any time.

Job Responsibilities:

  • Develops and maintains an application security architecture process that enables the enterprise to develop and implement security solutions and capabilities that are clearly aligned with business, technology, and threat drivers
  • Develops application security strategy plans and roadmaps based on sound enterprise architecture practices
  • Act as technical expert for application security related issues and participate in active solutioning discussions
  • Evaluate applications for security flaws by performing fuzzing, access/authorization bypass, business logic abuse and intentional fault injections
  • Uses static and dynamic analysis tools to support broad testing and vulnerability discovery
  • Ensure applications are built according to enterprise security standards
  • Understanding of pen testing / red team activities: network, web applications, perimeter, physical, wireless, etc.
  • Act as a pen testing administrator to scope and schedule periodic pen tests at the bank per requirements
  • Ability to decipher pen testing findings, challenge results and review remediation plans with internal teams to align with SLAs

Job Requirements:

  • 8 years of cyber security experience, with at least 2 years of specific experience in application security
  • Candidates with previous coding and software development experience will be prioritized
  • Candidates with knowledge of software development, software languages and how code is written and deployed will be given preference
  • Direct, hands-on experience using application security tools
  • Documented experience and a strong working knowledge of the methodologies to conduct threat-modeling exercises on new applications and services
  • Application Security, OWASP, SAST, DAST, Burp Suite, Java, .NET, Python
  • Ability to uphold the Bank's Guiding Principles

Secure Code Reviews and Additional Responsibilities:

  • Works with development teams to review application source code for security and operational flaws
  • Perform manual code reviews of applications that are not compatible with automated SAST tools
  • Provide detailed security documentation to developers, software engineers and technical personnel when necessary
  • Provide guidance and recommendations to software architects and engineers on how to correct code-related security flaws
  • Maintain and contribute to enterprise secure software delivery standards
  • Coordinates with the DevOps teams to advocate secure coding practices and escalate concerns related to poor coding practices to the leadership
  • Coaches and mentors junior members of the team, leads by example

Salary Range: $100,000 - $250,000

Recommended Skills: .NET Framework, Application Security, Architecture, Code Review, Computer Security, DevOps

Estimated Salary: $20 to $28 per hour based on qualifications.
