Job Title : Applications Security Engineer DevSecOps / CyberSecurity
Location : Remote (remote conditions, with expectation to travel to office 23 times a year. Candidates local to Las Vegas expected to be in office minimum twice a month.)
Duration : 6 Months CTH
Important Information to Note :
Client is using a variety of tools. For cybersecurity they are using software composition analysis (SCA), Docker container scanners, infrastructure-as-code scanners, Git Leaks and Git Custodian.
In terms of application security they are using Checkmarx, AppScan, Fortify, SonarQube, AppScan Standard, HP WebInspector, Burp Suite for manual penetration testing, and Veracode and Tenable for vulnerability management.
They also use some less modern tools like Pascal for managing products on the gaming floor.
Position Overview
The primary responsibility of the Application Security Engineer Cyber Security is to support technologies that enable the company's cybersecurity goals and objectives, securing the confidentiality, integrity and availability of software and computer information systems.
The role will serve as a security engineer for software development, supporting technologies that facilitate security of the software products and services.
Additional key responsibilities of the role include reviewing vulnerabilities identified by application security technologies and processes, providing the true positive results to the appropriate software development teams, and coordinating with those teams to support their triage and remediation efforts for identified, valid vulnerabilities.
All duties are to be performed in accordance with departmental and Client's policies, practices and procedures.
Essential Duties & Responsibilities
- Act as a primary technical resource in development of a comprehensive security program to support various Software Development Lifecycles (SDLCs) and ensure that software developed in this SDLC is free of security vulnerabilities.
- Manage application security program across multiple SDLCs.
- Ensure cybersecurity requirements are met prior to production release.
- Triage potential vulnerabilities identified by application security program with context of application and related business knowledge.
- Maintain understanding of core functionality of supported software and first-party applications.
- Collaborate with software development and quality assurance teams to ensure code is free from security defects.
- Review performance of controls such as threat modeling, SCA, SAST, DAST, IAST, RASP, Secrets Scanning, Container Scanning, Misconfiguration Identification, Secure Code Review, CI / CD Pipeline Security, Deployment Environment Security.
- Actively seek ways to improve secure software development processes.
Nice to have
- Professional certification in multiple programming languages (C#, .NET, Java, etc.) recommended.
- Professional certifications in cyber security (CISSP, OSCP, etc.) recommended.
- Experience with CI / CD and pipeline tools such as Jenkins, Docker, Kubernetes and others.
- Knowledge of cloud platforms and services, with experience in cloud security.
- Experience with automated software and security testing tools and techniques.
- Experience integrating security testing into an SDLC.