
Senior Application Security Engineer

Employer Active

1 Vacancy
The job posting is outdated and position may be filled
Experience: 5 years

Job Location: Maiden, NC - USA

Salary: Not Disclosed


Job Description

Title: Senior Application Security Engineer
Duration: 12 Months
Location: 80 Maiden Lane NY 10038

Note: This is an Onsite Role.

Job Description:

  • Perform comprehensive cybersecurity risk analysis, identifying and prioritizing risks specifically related to application security.
  • Develop, socialize and implement security strategies to address vulnerabilities in web applications, microservices, APIs and mobile applications.
  • Track and manage progress against security plans, ensuring timely remediation of identified vulnerabilities.
  • Lead the security implementation in application development projects, ensuring "secure by design" practices.
  • Create and maintain architecture diagrams outlining secure communication flows, and develop both high-level and low-level security design documents.
  • Troubleshoot and resolve application security issues in collaboration with internal teams and external vendors.
  • Translate application compliance requirements into specific security controls, recommending compensating measures where appropriate.
  • Regularly report on the organization's security posture, with a focus on application vulnerabilities, to senior management.
  • Perform/coordinate application vulnerability assessments and ensure timely remediation in collaboration with the Development, IT and Systems teams.
  • Implement secure coding practices, perform static and dynamic application security testing (SAST/DAST), and support developers with secure code reviews.
  • Monitor security incidents and respond to application-level threats, ensuring quick resolution of potential vulnerabilities.
  • Establish and enforce secure configurations for applications and their underlying infrastructure, such as databases and APIs.
  • Perform threat simulations to detect risks and recommend improvements for securing application designs, API security, identity management and access control measures.
  • Collaborate with teams to ensure continuous integration and continuous deployment (CI/CD) pipelines incorporate security controls.

MANDATORY SKILLS/EXPERIENCE:

  • 12 years of experience in application security with a proven track record of conducting vulnerability assessments, penetration testing and secure code reviews.
  • Extensive experience in secure application development, including knowledge of security frameworks like OWASP Top 10 and the ability to guide development teams in implementing secure coding practices.
  • Proficiency in Software Composition Analysis (SCA) tools (e.g. Veracode AppSec) for identifying and managing vulnerabilities in open-source libraries and third-party components.
  • Advanced knowledge of static and dynamic application security testing (SAST/DAST) tools (e.g. Veracode AppSec, Burp Suite) and integrating these tools into CI/CD pipelines for automated security checks.
  • Strong cloud security expertise, including securing applications and workloads on AWS, Azure or GCP, and experience with Web Application Firewalls (WAF) and cloud-native security services.

DESIRABLE SKILLS/EXPERIENCE:

  • Advanced cloud security experience: Experience securing cloud environments (AWS, Azure, GCP) with tools like Web Application Firewalls (WAF), and implementing IAM, encryption, and monitoring tools.
  • Experience with scripting and automation, using Python, Bash, or PowerShell, to automate security tasks, integrate security testing tools, and improve the efficiency of security operations.
  • Strong communication skills: Ability to effectively explain complex security concepts and risks to both technical teams and non-technical stakeholders, ensuring alignment on security measures.
  • Leadership and mentoring skills: Experience leading security teams or initiatives, mentoring junior engineers, and fostering a culture of security awareness within the organization.
  • Collaboration and cross-functional teamwork: Proven ability to work effectively with development, DevOps, and IT teams to integrate security into all aspects of the business, ensuring security goals align with business objectives.
  • Highly flexible/willing to learn new technologies.
  • Highly organized with excellent analytical, problem solving and decision-making skills.

Additional Qualifications:

  • Certifications such as Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), Certified Cloud Security Professional (CCSP), or GIAC Web Application Penetration Tester (GWAPT) are highly preferred.
  • Knowledge of compliance standards like NIST, PCI-DSS, and GDPR and how they apply to application security.



"If you are: bright, motivated, skilled, a difference-maker, able to get things done, work with minimum direction, enthusiastic, a thinker, able to juggle and multitask, communicate effectively, and lead, then we would like to hear from you. We need exceptionally capable people for this role for our client, so get back to us and tell us why you think you are a fit."



Employment Type

Full Time
