Application Security Engineer
Location: Chicago, IL
A $30B+ global company that is in the midst of a major transformation into a very nimble, open-source, cloud-enabled development organization is seeking a strong Application Security Engineer with hands-on development experience in a Java environment. This organization is also centralizing its already strong cybersecurity team but is seeking this key resource to work closely with the product and software development teams, product owners, and scrum masters to threat model, vulnerability scan, and pen test the early software, system, and network architecture and identify required control points in the application stack. Again, the ideal candidate will have recent Java development skills and be able to coach developers on secure coding principles. The Application Security Engineer will also work closely with developers to diagnose, document, and remediate application security vulnerabilities. The Application Security Engineer will also be responsible for evaluating, recommending, and implementing application security related software in an automated continuous integration/deployment environment.
Work closely with application development and platform teams to help formulate and implement a strategy for software security that is tailored to the specific risks facing the organization, including threat modeling and application security advisement services.
- Develop and maintain a balanced application security program based on a well-defined application security framework
- Conduct application security assessments / penetration tests and implement tools for dynamic/automated code review
- Ensure application design and implementation best-practice with role-based and appropriate access standards, as well as integration with Identity and Access Management environments.
- Ensure compliance with society, regulatory, and industry standards for application security.
- Continuously evaluate the organization’s existing application security practices, define and measure security-related activities, and demonstrate concrete improvements to the application assurance program within the organization.
- Provide secure application development training to developers and provide guidance on the development of web-based training for ongoing awareness.
- Conduct code reviews and penetration testing
- Develop and maintain unit and integration tests designed to ensure security controls are tested on every build
- 3-5 years progressive experience in Application Development OR Information Security OR Software Quality Assurance
- Strong understanding of application security concepts for internet technology, architecture and protocols
- Knowledge of OWASP Top 10 and CWE Top 25 concepts, including SQL injection, XSS, etc.
For immediate consideration please email a resume to email@example.com