Application Security Engineer in Rockville, MD at ConsultNet

Date Posted: 6/27/2019

Job Snapshot

  • Location: Rockville, MD
  • Experience: Not Specified

Job Description

Our client, one of the largest Amazon Web Services (AWS) partners for data services, is looking for an Application Security Engineer to support data integration and master reference data development and operations. The successful candidate will help onboard new data sets using the existing MDM framework implemented in the AWS cloud.
Major Purpose:
The Application Security Engineer (ASE) is responsible for supporting the promotion, design, and evaluation of application security in all phases of the application life cycle. The ASE shall ensure that appropriate and effective security techniques and solutions are identified, implemented, and used.
Essential Job Functions:
  • Software Security Assessment:  Evaluate applications for appropriate and effective use of security controls using tools and techniques such as source code analysis, vulnerability scanners, and manual testing techniques.
  • Application Security Control Development:  Provide expert guidance to developers on the appropriate selection and implementation of relevant application security controls.
  • Security Awareness Training: Design, develop and deliver presentations focused on raising awareness of crucial security-relevant considerations and defensive programming techniques.
  • Support the planning and execution of the application security testing and evaluation program, with the possibility of mentoring junior team members.
  • Participate in research of information security technologies (in the areas of application and application infrastructure components), and identification of relevant new and emerging threats.
  • Advise and consult internal clients on appropriate application of security practices and existing security services to solve problems or enable new business opportunities. 
  • Research and implement new security technologies to be used as point solutions for IT initiatives unable to take advantage of or needing greater functionality than reusable enterprise security services.  
  • Recommend new security service development ideas based on accumulated knowledge of project-specific security requirements.  Identify and implement improvements to application security team processes and supporting software tools to continually improve the team’s effectiveness and efficiency.  
  • Serve as subject matter expert on application and information security technologies and methodologies. 
Other Job Functions:
  • Perform other duties and responsibilities as assigned.
Essential Education/Experience Requirements:
  • B.S or M.S in Computer Science, or equivalent education or experience.  Emphasis in software security a plus.
  • (1-3) years of professional experience with a B.S degree to include either (experience with both a plus):
    • Software engineering and development with emphasis on the delivery of secure, Internet-exposed, multi-tier, web-based systems using Java/J2EE and/or C#/ASP/.NET (experience with both a plus).
    • Hands-on experience evaluating the security of applications using both manual and automated techniques.  Relevant tool experience should include code security scanners such as Fortify SCA, Checkmarx; web vulnerability scanners such as HP WebInspect or IBM Rational AppScan; assessment support tools such as BurpSuite, Metasploit, or Core Impact.
  • Strong written and verbal communication skills.  Specific relevant experience may include technical reports (especially application security assessment reports), technical whitepapers, presentation development and delivery (for both technical and business audiences), technical training, etc.  Candidate should have experience making and defending sound technical arguments that incorporate relevant technical and business considerations, and building consensus among stakeholders.
Desirable Security-related Experience with the following:
  • Knowledge of security considerations related to virtualization and cloud computing.
  • Mobile Application Security on iOS and/or Android devices; includes experience in secure development of applications and/or analysis.
  • Knowledge/hands-on experience in implementing DevSecOps (enabling security in DevOps)
  • Knowledge of/hands-on experience with AWS fundamentals and security a plus.
  • Financial services industry (Insurance, Banking, Investments) experience a plus.
  • Providing software architecture security guidance, including developing application threat models and methodically protecting against business logic and design flaws that could introduce security vulnerabilities.
  • Design patterns and coding standards for secure software.
  • Familiarity with commonly used authentication & authorization systems such as Siteminder, Okta, ForgeRock.
  • Knowledge of PKI systems
  • Knowledge of cryptographic tool kits for application development such as RSA BSAFE or others.
  • End-to-end, hands-on experience in security solutions for complex enterprise architectures.
  • Knowledge of cryptographic solutions for protection of data in use, in transit and at rest, such as: masking, SSL/TLS, IPSec, or format-preserving encryption & sanitization.
ConsultNet is an Equal Opportunity Employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, ancestry, citizenship, disability, age, military or veteran status, and other characteristics protected under federal, state and local law.