Application Security Engineer

Job Seekers can review the Job Applicant Privacy Policy by clickinghere.

Job Description:

SUMMARY

We seek a highly motivated and experienced Application Security Engineer to join our growing security team. This role is highly technical and candidates must possess a solid understanding of the security and privacy of our companys applications and data.

The Application Security Engineer must understand development coding security engineering and secure systems configurations. This position ensures that every step of the software development lifecycle (SDLC) follows security best practices. This involves conducting security assessments with SAST and DAST tools reading source code threat modeling and designing and implementing secure software development practices. They will determine where security vulnerabilities exist and implement fixes. They must understand how an application may be misused and exploited. The Application Security Engineer will collaborate with software development teams and provide guidance on best practices for secure coding. They will also stay up to date on the latest security trends and technologies and integrate them into the organizations security strategy. The ideal candidate will have strong analytical and problem-solving skills as well as experience in application security and knowledge of programming languages and web technologies. A Bachelors degree in Computer Science and certifications such as CISSP OSCP or CASE are preferred.

ESSENTIAL FUNCTIONS

• Conduct security assessments that require expertise of our organizations applications using both Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) methodologies.

• Collaborate with software development teams to integrate security into the development life cycle.

• Conduct security assessments of web mobile and other applications. Analyze security assessment results to identify security vulnerabilities and provide guidance on remediation.

• Design and implement secure software development practices including threat modeling secure coding standards and code review.

• Stay current with security threats trends and technologies and recommend new security controls as needed.

• Conduct application security investigations and provide recommendations to mitigate risk.

• Maintain security documentation provide subject matter expertise and collaborate on security policies procedures and standards.

ADDITIONAL RESPONSIBILITIES

• Performs other duties as assigned.

EDUCATION

• Bachelors degree in computer science information security or a related field

EXPERIENCE

• Five (5) years or more experience with OWASP SAST DAST SCA RASP and common security tools required.

• Seven (7) years or more application security security engineering software development or a related field required.

• Five (5) years or more strong understanding of web application security and common attack vectors. (e.g. SQL injection XSS CSRF) required.

• Five (5) years or more experience with secure coding practices threat modeling and secure software development life cycle (SDLC) methodologies. required

• Five (5) years or more proven experience in diagnosing isolating resolving complex issues and recommending/implementing strategies to resolve problems required.

• Five (5) years or more demonstrated experience with systems integration processes methodology and tools required.

• Seven (7) years or more development and scripting experience required.

• Five (5) years or more professional application security role required.

• Five (5) years or more experience with API and Web Security required.

• Three (3) years or more experience with WAF or similar application security infrastructure a plus preferred.

• Seven (7) years or more experience in integrating security in CI/CD DevOps required.

• Six (6) years or more experience process or operation management

• Six (6) years or more experience Value Stream Mapping Continuous Flow Pull Replenishment and other process improvement experience.

SKILLS

• Excellent communication skills both verbal and written and the ability to work effectively with cross-functional teams.

• Ability to create and maintain professional relationships within all levels of the organization (peers work groups customers supervisors).

• Ability to work independently and as a member of a team.

• Flexibility to operate and self-driven to excel in a fast-paced environment.

• Capable of multi-tasking highly organized with excellent time management skills

• Proficiency in at least one programming language (e.g. Javascript) preferred. advanced required.

• Proficiency in at least one common scripting language (e.g. PowerShell bash etc.) advanced required.

• Familiarity of NIST framework PCI ISO 27001 SOC SOX CCPA GDPR and global regulations expert required.

• CI/CD experience with Azure Devops Terraform or other automation and integration technologies expert required.

• Risk management findings vulnerability prioritization threat modeling and mitigation strategy advanced required.

LICENSES

• CISSP OSCP CASE or other industry-leading certifications preferred.

TRAVEL

1-10%

Job Category

Compensation Information:

Thecompensationofferedtoa candidate may be influenced by a variety of factors including the candidates relevant experience; education including relevant degrees or certifications; work location; market data/ranges; internal equity; internal salary ranges; position may also be eligible to receive an annual bonus commission and/or long-term incentive plan based on the level and/ for the position are below:

Pay Type:

Minimum Pay Range:

Maximum Pay Range:

Benefits Information:

For all Full-time positions only: Ryder offers comprehensive health and welfare benefits to include medical prescription dental vision life insurance and disability insurance options as well as paid time off for vacation illness bereavement family and parental leave and a tax-advantaged 401(k) retirement savings plan.

Ryder is proud to be an Equal Opportunity Employer and Drug Free workplace.

All qualified applicants will receive consideration for employment without regard to race religion color national origin sex sexual orientation gender identity age status as a protected veteran among other things or status as a qualified individual with disability.

Important Note:

Some positions require additional screening that may include employment and education verification; motor vehicle records check and a road test; and/or badging or background requirements of the customer to which you are assigned.

Security Notice for Applicants:

Ryder will only communicate with an applicant directly from a @ email address and will never conduct an interview online through a chat type forum messaging app (such as WhatsApp or Telegram) or via an online questionnaire. During an interview Ryder will never ask for any form of payment or banking details and will never solicit personal information outside of the formal submitted application through you have any questions regarding the application process or to verify the legitimacy of an interview or Ryder representative please contact Ryder ator.

Current Employees:

If you are a current employee at Ryder please click here to log in to Workday to apply using the internal application process.

Job Seekers can review the Job Applicant Privacy Policy by clickinghere.