Sr. Application Security Engineer in Montpelier, VT at ConsultNet

Date Posted: 4/19/2021

Job Snapshot

Job Description

TITLE: Senior Application Security Engineer

LOCATION: Montpelier, VT or Addison, TX

DURATION: Full-time Direct Hire

Will be the primary liaison between Information Security and Applications Development, ensuring ongoing communication, education and security testing across the teams. Successful candidate will be the organization's primary application security expert to ensure client and server-side software implementations are designed and implemented using the best security practices.  Expected to help ingrain secure software development practices into the culture of the organization.

  • Align with and support the execution of the Information Security program's vision and strategy
  • Formalize and evangelize secure software development lifecycle practices (SSDLC)
  • Define security requirements within the SSDLC to communicate security requirements based on data classification.
  • Serve as a technical point of contact for product teams as it relates to automation, CI/CD, and Application Security Operations
  • Design and implement security features across a variety of application and OS platforms
  • Perform regular web and mobile application assessments to identify vulnerabilities and collaborate with stakeholders to remediate.
  • Perform regular reviews to ensure SSDLC is being followed
  • Define technical and functional requirements covering areas of software design, including microservice APIs, Cloud Services (Azure, AWS, etc.), and XaaS integration
  • Regularly monitor and respond to events in Azure Security Center
  • Perform software reviews, analyze security flaws and risks, and influence product designs.
  • Perform formal threat model analysis on multiple client and server-side software programs.
  • Work with validation teams to determine best methods to test product security.  Familiar with penetration testing and in some cases, can design and perform your own penetration tests.
  • Investigate reported security incidents on our software and act as the communication point for executive updates in those situations.
  • The role requires a practical view of the trade-offs of security and needs to be able to find acceptable compromises in terms of cost, schedule, and features.
  • Serve as an information security subject matter expert and trusted advisor by providing advisory and consulting services as required
  • Understand current and emerging security threats and partner with architecture to mitigate threats
  • Stay abreast of new security technologies and integrate into security design when appropriate
Experience:
  • Bachelor's degree in Computer Science or related field, or demonstrated equivalent experience required
  • 7 - 10 years of experience in application security and/or leading secure coding development   
  • Coding experience with .NET, Java, JavaScript, and/or Python experience required.  Windows development experience required.  This role requires the ability to identify code security flaws across multiple platforms.
  • Experience designing and implementing Container Security, API Security, and Azure Cloud Security.
  • Strong knowledge of Containerization technologies such as; Kubernetes, OpenShift, Docker
  • Experience in encryption and authentication methodologies.
  • Experience reviewing vulnerability assessments and code security reviews.
  • Experience with security technologies and assessment tools.
  • Deep understanding of OWASP Top 20, CWE 25, Data Protection
  • Basic familiarity with waterfall and agile development processes and have experience integrating secure development practices into both models. 
  • Deep knowledge and experience in using SAST, DAST and fuzz testing tools
  • Basic understanding of application, network, operating system, and core infrastructure security concepts and concerns
  • Understanding of emerging technologies in IT such as a Cloud Platform and Mobile BYOD as well as the associated security risks
  • Certification or willingness to attain certification within 18 months, CISSP or CSSLP certifications preferred. 
  • Strong analytical and problem-solving skills.
  • Ability to meet established deadlines; must be a self-starter and be able to work independently as well as being a team player
  • Excellent communication and presentation skills, with the ability to present ideas in a collaborative team setting and in a user-friendly language
  • Ability to multitask
  • Must be able to react quickly and efficiently to production issues
  • Strong facilitation skills and a clear ability to build strong relationships with business stakeholders at all levels, including senior managers and suppliers
  • Energy and a clear passion for the role
  • Demonstrated personal values aligned with our servant leadership tenants

Be a part of the ConsultNet difference. As a leading national provider of IT staffing and solutions, ConsultNet delivers exceptional services to startup, midmarket and Fortune 1000 companies across North America. Since 1996, we've partnered with clients to create rewarding opportunities for our consultants, successfully building teams that have surefire results.

In the past two years alone, we have placed more than 1,500 consultants in contract, contract-to-hire, or direct placement opportunities. We understand communication is key to finding the right job that matches your skills and career goals. For us, it's not just the work that we do; it's how we do the work. Our breadth of offerings extends to multiple IT positions in major markets throughout the country, see more at - www.consultnet.com 

CHECK OUT OUR SIMILAR JOBS

  1. Software Engineer Jobs
  2. Project Engineer Jobs