Salary Not Disclosed
1 Vacancy
Hello
My name is Dharmendra. I just received details on a great job that I believe you would be a great fit for. Please take a look below and share your interest. If not interested, I would also appreciate it if you can recommend someone looking for a similar role.
Job Title: Senior Application Security Engineer
Location: New York, NY
Duration: 12 Months
Interview: WebEx
Senior Application Security Engineer with CCSP/CISSP/CEH Certifications
Certifications such as Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), Certified Cloud Security Professional (CCSP). GIAC Web Application Penetration Tester (GWAPT) is highly preferred.
Mandatory skills:
15 years of experience in application security with a proven track record of conducting vulnerability assessments, penetration testing, and secure code reviews.
Extensive experience in secure application development, including knowledge of security frameworks like OWASP Top 10 and the ability to guide development teams in implementing secure coding practices.
Proficiency in Software Composition Analysis (SCA) tools (e.g. Veracode AppSec) for identifying and managing vulnerabilities in open-source libraries and third-party components.
Advanced knowledge of static and dynamic application security testing (SAST/DAST) tools (e.g. Veracode AppSec, Burp Suite) and integrating these tools into CI/CD pipelines for automated security checks.
Strong cloud security expertise, including securing applications and workloads on AWS, Azure, or GCP, and experience with Web Application Firewalls (WAF) and cloud-native security services.
Desirable skills/experience:
Advanced cloud security experience: Experience securing cloud environments (AWS, Azure, GCP) with tools like Web Application Firewalls (WAF) and implementing IAM, encryption, and monitoring tools.
Experience with scripting and automation using Python, Bash, or PowerShell to automate security tasks, integrate security testing tools, and improve the efficiency of security operations.
Strong communication skills: Ability to effectively explain complex security concepts and risks to both technical teams and non-technical stakeholders, ensuring alignment on security measures.
Leadership and mentoring skills: Experience leading security teams or initiatives, mentoring junior engineers, and fostering a culture of security awareness within the organization.
Collaboration and cross-functional teamwork: Proven ability to work effectively with development, DevOps, and IT teams to integrate security into all aspects of the business, ensuring security goals align with business objectives.
Highly flexible/willing to learn new technologies.
Highly organized with excellent analytical, problem-solving, and decision-making skills.
Additional Qualifications:
Certifications such as Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), Certified Cloud Security Professional (CCSP), or GIAC Web Application Penetration Tester (GWAPT) are highly preferred.
Knowledge of compliance standards like NIST, PCI-DSS, and GDPR and how they apply to application security.
Special requirements:
Occasional support outside of core business hours to accommodate 24/7/365 operation.
Full Time