
Application Security Engineer in Colorado Springs, CO at SNI Technology

Date Posted: 8/22/2019

Job Description


Our client is seeking an Application Security Engineer for an exciting direct hire opportunity. The Application Security Engineer works as a member of the Information Security team, building, executing, and improving application security initiatives within Development, Quality Assurance, and Operations.

DUTIES:

  • The Engineer ensures that our applications and infrastructure are designed and implemented to excellent standards, thus maintaining and enhancing customer trust. The Engineer works closely with Development, Product, Global IT, and Operations teams to secure our applications and environment. The Engineer drives company enterprise encryption initiatives. Architect, design, implement, support, and evaluate Information Security department solutions and services including code and application analysis tools, testing and vulnerability management tools, enterprise encryption tools, and other security tools, including informal leadership across functions and project leadership roles.
  • Perform vulnerability detection, assessment, and mitigation, using automated tools and manual attacks in both black-box and white-box scenarios. Identify security issues and risks and develop mitigation plans. Track and report remediation.
  • Promote secure development standards, and drive increasing security maturity. Participate in the security architecture and secure configuration initiatives across company enterprise.
  • Champion and assist teams implementing the company's standards to make our applications safer (both internal and external). Evangelize security within the company and be an advocate for customer trust.
  • Track and research the latest attacks and how they might apply to our environments
  • Perform miscellaneous duties as assigned
  • Participate in incident handling



REQUIREMENTS:

  • Bachelor's degree in technical engineering or equivalent (or 4 additional years of relevant experience in lieu of degree)
  • CISSP certification
  • 5 years of experience writing and reviewing code with colleagues, each with different priorities, backgrounds, and abilities in several of: DevOps, PHP, MySQL, AJAX, Java, Python, HTML/JavaScript, Perl, Scala, Node.js, Ruby, C++, C#, SQL, Delphi, and/or .NET
  • Unix or Windows shell scripting
  • BlackBox and WhiteBox security testing, vulnerability scanning, and penetration testing
  • Security code review
  • Static Analysis Security Testing (SAST)
  • Dynamic Application Security Testing (DAST)
  • Mobile application security (iOS, Android, others)
  • Threat/attack modeling
  • Strong knowledge of secure development practices
  • Deep knowledge of common web application vulnerabilities (e.g. XSS, CSRF, clickjacking) and their mitigation strategies.
  • Knowledge of system security vulnerabilities and remediation techniques
  • Knowledge of network and web related protocols (e.g., TCP/IP, UDP, IPSEC, HTTP, HTTPS, routing protocols)
  • Knowledge of security across multiple disciplines (data, database, operating system)
  • Strong understanding of threat modeling and security methodologies
  • Familiarity with protocol analysis methods and cryptography
  • Excellent English communication skills
  • Ability to interact professionally with senior leadership and to articulate key messages to a range of technical and non-technical audiences
  • High degree of self-sufficiency, ownership, and pride of deliverables
  • Strong background in fundamental information security concepts required
  • Strong analytical skills