Sr. Application Security Engineer - Work from home

TEKsystems
Wendell, NC, USA
Remote
Full-time

Description : *What will this person do?This individual is accountable for identifying weaknesses in our security posture within the application or web space while defining methods to achieve security control requirements via automation or highly efficient means that further support timely delivery and minimal overhead.

They work in a team of infrastructure specialists and engineers making sure services are delivered and used securely as required.

Works with and supports third parties to provide security services. The Sr. Application Security Engineer will advise and enable development and technical teams to make security decisions and provide advice and guidance, ensuring the effective use of common tools and patterns*Best fit candidate will have a strong understanding of S-SDLC (Secure Software Development Life Cycle) process and implementation.

Have a strong understanding of the OWASP top 10 Framework with Excellent communication skills to help guide / educate developers on creating code with security in mind in each phase of the SDLC.

Responsibilities : Act as the point of contact for Application engineering and security.Participate in security code reviews, and automate penetration testing against products prior to move to production.

Support engineering with implementing security fixes, ensuring security scanners are utilized correctly, and develop strategies to proactively secure their architecture.

Review development frameworks for security functionality, consistency, and uplift opportunities.Create threat models and leverage them to prioritize time based on risk impact.

Educate and train product teams.Evaluate client needs, coordinate design for a solution, and clearly communicate the value proposition of complex and highly technical subjectsImplement and / or assess existing security controlsTranslates logical designs into physical designs.

Produces detailed designs and documents all work using required standards, methods and tools, including prototyping tools where appropriate.

Designs systems characterized by managed levels of risk, manageable business and technical complexity and meaningful impact.

Works with well-understood technology and identifies appropriate patterns.Client Job Description : The Application Engineer, Cyber Security is responsible for building, managing and supporting information security that underpins all internal and external user technology services, according to security policies and best practices.

The Application Engineer, Cyber Security has strong development experience in numerous programming languages and is the subject matter expert (SME) for concepts behind security controls and how they apply to application development, web presence and API services.

This individual is accountable for identifying weaknesses in our security posture within the application or web space while defining methods to achieve security control requirements via automation or highly efficient means that further support timely delivery with minimal overhead.

They work across internal and external teams of infrastructure specialists and software engineers making sure services are delivered and used securely as required, offering advice and guidance on security decisions and ensuring the effective use of common tools and patterns.

The incumbent must have a service-oriented mentality, a high sense of ownership of the problems and requests assigned, a focus on managing and resolving issues in alignment with the SLAs, establishing and maintaining communication with technology customers to keep them updated with status of their requests, initiating and performing changes on production systems and proactively escalating any issues that cannot be resolved within the established timeframes.

Additional insights, experience or background in any of the following are also of great value : NIST, ISO27001, Data Protection, Python Development, Static Code Analysis, Dynamic Code Analysis, Penetration Testing, Containers, MicroServices, CI / CD Pipeline, Agile, Git, Jira, Docker, Kubernetes, cloud security (AWS, Azure, GCP) and design, process maturity, and other related focuses.

Primary Accountabilities : Technical (80%)- Be the security representative for multiple product lines and act as the point of contact for software engineering and security.

  • Perform architecture reviews to steer projects in the right direction, participate in security code reviews, and automate penetration testing against products prior to move to production.
  • Support software engineering with implementing security fixes, ensuring security scanners are utilized correctly, and develop strategies to proactively secure their architecture.
  • Review development frameworks for security functionality, consistency, and uplift opportunities.- Create threat models and leverage them to prioritize time based on risk impact.
  • Evaluate client needs, coordinate design for a solution, and clearly communicate the value proposition of complex and highly technical subjects.
  • Implement and / or assess existing security controls.- Translate logical designs into physical designs; produce detailed designs and document all work using required standards, methods and tools, including prototyping tools where appropriate.
  • Design systems characterized by managed levels of risk, manageable business and technical complexity and meaningful impact;

works with well-understood technology and identifies appropriate patterns.Project Management (20%)- Work with application development teams to ensure secure software development lifecycle (S-SDLC) implementation and validation.

Educate and train product teams.- Evaluate client needs, coordinate design for a solution, and clearly communicate the value proposition of complex and highly technical cyber security subjects.

Specific Technical Skills Needed : Security and Risk Assessment : - Aware of Security governance principles and able to apply them to the enterprise- Understands the legal and regulatory Issues relevant to the enterprise and does not place the enterprise at risk.

Security Engineering : - Working knowledge of secure design principles- Working knowledge of database security- Working knowledge of cloud computing- Working knowledge of CryptographyIdentity and Access Management : - Physical and logical access- LDAP- Multi-factor authentication- Session management- Credential managementSoftware Development Security : - Working knowledge of software development lifecycles- Working knowledge of what software development methodologies are used in the enterprise and can explain what it means- Familiar with DevOps concepts- Working knowledge of security vulnerabilities and understands how the following work : Bounds checking, Input / output validation, Buffer overflow, Privilege escalation- Working knowledge of secure coding practices- Working knowledge of code repositoriesIndividual Competencies : - Integrity : Gains the trust of others by taking responsibility for own actions and telling the truth.

  • Teamwork : Builds relationships and works cooperatively with others, inside and outside the organization, to accomplish objectives to build and maintain mutually-beneficial partnerships, leverage information and achieve results.
  • Adaptable : Responds to change with a willingness to learn new ways to accomplish work objectives with a positive attitude.

Innovative : Ability to develop, sponsor, or support the introduction of new and improved methods, products, procedures or technologies.

  • Curious : A desire to inquire and learn, to seek new knowledge and wisdom, and to listen to the contributions of others with a genuine interest to better self, the team, and the organization.
  • Analytical and Critical Thinking : Ability to tackle a problem by using a logical, systematic, sequential approach.- Problem Solving : Gathers and analyzes information to generate and evaluate potential solutions to problems, issues and challenges while weighing the accuracy and relevance of the facts, data and information.
  • Skills : *Applications Security, S-SDLC, SDLC, OWASP Top 10, Developer, Cloud, Information security, Code Review, Threat Modeling, owasp, Application security, Security architecture, Vulnerability, code deployment*Top Skills Details : *Applications Security,S-SDLC,SDLC,OWASP Top 10,Developer,Cloud,Information security,Code Review,Threat Modeling*Additional Skills & Qualifications : *Required Qualifications : Bachelor’s degree in Computer Science, Information Technology or related field8-10 years of related work experience with application security, e.

g. DAST, SAST, SCA, cloud securityOr any equivalent combination of experience and training / certification that provides the required knowledge, skills, and abilities needed to complete the major responsibilities / essential functions of the positionCertifications preferred.

OSCP, CISSP, GCIH, GXPN, GPENWorking experience in web and mobile application securityWorking experience in distributed platform development security and designIn-depth knowledge of web and mobile security standards and best practices (OWASP, etc.

Strong foundation in core information security principles and concepts (HTTPS, TLS, OAuth, etc.)Working experience with industry tools and technologies such as Burp, Metasploit, etc.

Working knowledge of common languages*Experience Level : *Expert Level About TEKsystems : We're partners in transformation.

We help clients activate ideas and solutions to take advantage of a new world of opportunity. We are a team of 80,000 strong, working with over 6,000 clients, including 80% of the Fortune 500, across North America, Europe and Asia.

As an industry leader in Full-Stack Technology Services, Talent Services, and real-world application, we work with progressive leaders to drive change.

That's the power of true partnership. TEKsystems is an Allegis Group company. The company is an equal opportunity employer and will consider all applications without regards to race, sex, age, color, religion, national origin, veteran status, disability, sexual orientation, gender identity, genetic information or any characteristic protected by law.

30+ days ago
Related jobs
TEKsystems
Wake Forest, North Carolina
Remote

Skills:*Applications Security, S-SDLC, SDLC, OWASP Top 10, Developer, Cloud, Information security, Code Review, Threat Modeling, owasp, Application security, Security architecture, Vulnerability, code deployment*Top Skills Details:*Applications Security,S-SDLC,SDLC,OWASP Top 10,Developer,Cloud,Infor...

Promoted
Online Consumer Panels America
North Carolina, US
Remote

Telecommute (you can work from home, work or school). Product Testers are wanted to work from home nationwide in the US to fulfill upcoming contracts with national and international companies. A paid Product Tester position is perfect for those looking for an entry-level opportunity, flexible or sea...

Promoted
OCPA
Garner, North Carolina
Remote

Telecommute (you can work from home, work or school). Product Testers are wanted to work from home nationwide in the US to fulfill upcoming contracts with national and international companies. A paid Product Tester position is perfect for those looking for an entry-level opportunity, flexible or sea...

Promoted
GL1
Garner, North Carolina

Telecommute (you can work from home, work or school). Product Testers are wanted to work from home nationwide in the US to fulfill upcoming contracts with national and international companies. A paid Product Tester position is perfect for those looking for an entry-level opportunity, flexible or sea...

Promoted
Kenneth Brown Agency
Wake Forest, North Carolina
Remote

Work from the convenience of your home, eliminating commute times and enabling a personalized and productive workspace. This presents an outstanding chance for both seasoned sales professionals and those at the entry level to initiate their careers in sales, making a substantial impact while enjoyin...

Promoted
Siemens
Wendell, North Carolina

Application Engineer - Switchgear / Solutions. The Engineer will work closely with Siemens Sales to prepare offers supporting customers in the Data Centers, Semiconductors, Industrial, Construction and Utility markets on technical, contractual, and commercial issues. Reviewing Customer documents and...

TEKsystems
Wake Forest, North Carolina
Remote

Top Skills:4) Excellent communication skillsJob Responsibilities: Function as a point of escalation for operational entities regarding regular or complex issuesWork on daily service tickets General duties include:Preferred Skills•CCNA/CCNP•CCIE R&S*Skills:*Network engineering, CCNA, Troubleshoot...

Away From Home Travels 2
Wake Forest, North Carolina
Remote

Uncapped Income on your terms, with your own business using the tools proving by a agency! Work when you want, from where you want!! Here's an overview of the responsibilities, skills, and qualifications typically associated with a customer consultant opportunity: Responsibilities: Industry Knowledg...

TEKsystems
Rolesville, North Carolina
Remote

Description:*Every remote candidates must have an reliable internet connection with a download speed of 20 and an upload speed of 5 to be able to successfully work from home within this role. As an industry leader in Full-Stack Technology Services, Talent Services, and real-world application, we wor...

Global Elite
Raleigh, North Carolina
Remote

Stable, work from home position. Virtual workshops and trainings. ...