Application Security Engineer (Hybrid - US)

Job Location

Chicago, IL - USA

Monthly Salary

$ 94200 - 107820

Vacancy

1 Vacancy

Job Description

Interested in joining a growing company where you will work with talented colleagues, enhance a supportive and energetic culture, and be part of the climate solution? At Energy Solutions, we focus on the big impacts. And we believe that market-based programs can be a powerful force to deliver large-scale energy, carbon, and water-use savings. Since 1995, we've harnessed that power to offer proven, performance-based solutions for our utility, government, and institutional customers.

Description:

The Application Security Engineer will be hands-on, performing day-to-day application security and compliance activities. In performing this task, the Application Security Engineer will be expected to collaborate and build partnerships with multiple business units within our company. Professionalism and high ethical standards are expected.

Responsibilities:

  • Manage security-related tasks in the SDLC to ensure that software development activities remain in compliance.
  • Responsible for interpreting, justifying, explaining, reviewing, etc. compliance-related changes and requirements to our code base leads
  • Collaborate with software developers and code base leads
  • Be the bridge between the technical requirements from the business (i.e., Security, Privacy, Compliance)
  • Participate as an SME in security architecture, including new designs and design review
  • Recommend application security improvements based on best practices, OWASP standards, and other web application security frameworks
  • Actively review architecture and compliance-related code changes
  • Manage and maintain API security, including vulnerability scans and best practices
  • Manage security components of the Mendix web development platform
  • Manage security components in Django
  • Manage scans and findings from Static Code Analysis tools such as GitHub Advanced Security
  • Train and educate IS staff on security best practices, including OWASP Top 10
  • Ensure compliance with policies and standards such as secure separation of environment
  • Manage and maintain all security-related tickets, including recommendations, testing, and validation

Security Compliance (SOC 2 and NIST 800-53 control implementation and maintenance)

  • Scan and remediate vulnerabilities
  • Monitor and maintain compliance with SOC 2, NIST 800-53, and other required frameworks
  • Security representative for Configuration Change Control
  • Verification of implemented security controls
  • Standards, Processes, and Tools for Security compliance
  • Criticality Analysis and Impact Analysis of security-related changes
  • SIEM - Ongoing security monitoring, including Datadog, application logs, CloudWatch, and other systems

AWS

  • Manage and maintain security in AWS, including IAM policies, permissions, security groups, and security monitoring
  • Maintain Web Application Firewall and associated rules to protect applications and systems
  • Manage and monitor Database Security (RDS, Postgres, Redshift), including reviewing logs, validating permissions, and making security recommendations.

Minimum Qualifications:

  • Minimum 3 years of hands-on application security experience, including secure SDLC integration, design review, best practices, and vulnerability identification/remediation.
  • Minimum 3 years of hands-on experience securing web application frameworks and applications.
  • Minimum 3 years of experience with security frameworks: NIST 800-53 / SOC 2

Preferred Qualifications:

  • Excellent verbal and written communication skills.
  • Strong organizational skills and attention to detail.
  • Strong analytical and problem-solving skills.
  • Ability to prioritize tasks according to severity
  • Ability to adapt to the needs of the organization
  • Experience with Django/Python preferred.
  • Proficient in AWS Security services (i.e., CloudWatch, GuardDuty)
  • Excellent interpersonal and negotiation skills.
  • Excellent organizational skills and attention to detail.
  • Excellent time management skills with a proven ability to meet deadlines.

Compensation is commensurate with experience, with a pay band of $94200 - $119800 annually and a target range of $94200 - $107820.

Compensation is commensurate with experience and includes a generous retirement package. Energy Solutions provides an excellent benefits package, including medical, dental, and vision insurance, other pre-tax contribution plans, and an Employee Stock Ownership Plan (ESOP).

AI Use

At Energy Solutions, we believe in the importance of authentic interactions and equitable opportunities. We base our candidate selection on one's own skills, knowledge, and experience. To ensure the integrity and fairness of our interview process, the use of artificial intelligence (AI) tools (including Generative AI) or other means to generate or assist with responses during interviews is strictly prohibited. This practice supports our commitment to create a transparent and equitable space where skills, knowledge, and experience can truly shine.

Equal Opportunity Employer

Energy Solutions is an affirmative action-equal opportunity employer and prohibits discrimination and harassment of any type. We afford equal employment opportunities to employees and applicants without regard to race, color, religion, sex, sexual orientation, gender identity or expression, pregnancy, age, national origin, disability status, genetic information, protected veteran status, or any other characteristics protected by law. Energy Solutions conforms to the spirit as well as to the letter of all applicable laws and regulations.

Office Locations and a Remote Workforce

Energy Solutions operates as a predominantly remote workforce with offices in six different locations. Employees who reside within 40 miles of an office (except New York) will be assigned to that location, though in-office attendance requirements may vary by team. At this time, we are not accepting applications from candidates residing in the following states: Delaware, Kentucky, Mississippi, Montana, Nebraska, North Dakota, and Wyoming.

Background Check Information

Information will be requested to perform the compulsory background check. A drug screen and authorization to work in the U.S. indefinitely are preconditions of employment. Energy Solutions is an equal opportunity employer.

Reasonable Accommodations

Energy Solutions is committed to providing access and reasonable accommodation for individuals with disabilities. If you require accommodations in completing this application, interviewing, and/or completing any pre-employment testing, or otherwise participating in the employee selection process, please email .

Employment Type

Full Time
