Application Security Engineer Cyber Security

MatchPoint Solutions is a fastgrowing young energetic global ITEngineering services company with clients across the US. We provide technology solutions to various clients like Uber Robinhood Netflix Airbnb Google Sephora and more! More recently we have expanded to working internationally in Canada China Ireland UK Brazil and India. Through our culture of innovation we inspire build and deliver business results from idea to outcome. We keep our clients on the cutting edge of the latest technologies and provide solutions by using industryspecific best practices and expertise.

We are excited to be continuously expanding our team. If you are interested in this position please send over your updated resume. We look forward to hearing from you!

Essential Duties & Responsibilities

Act as a primary technical resource in development of a comprehensive security program to support various Software Development Lifecycles (SDLCs) and ensure that software developed in this SDLC is free of security vulnerabilities.

Manage application security program across multiple SDLCs.

Ensure cybersecurity requirements are met prior to production release.

Triage potential vulnerabilities identified by application security program with context of application and related business knowledge.

Maintain understanding of core functionality of supported software and firstparty applications.

Review and understand code from both business logic and technical standpoint.

Coordinate with developers to prioritize and remediate identified true positive vulnerabilities.

Collaborate with software development and quality assurance teams to ensure code is free from security defects.

Communicate cybersecurity standards applicable to technology and coding workflows.

Working with Application Security Engineers optimize security with existing technologies and processes.

Provide technical guidance to developers and engineers on cybersecurity best practices.

Review performance of controls such as threat modeling SCA SAST DAST IAST RASP Secrets Scanning Container Scanning Misconfiguration Identification Secure Code Review CI/CD Pipeline Security Deployment Environment Security.

Coordinate with software development leadership operations leadership IT leadership and cybersecurity leadership to integrate application security practices across departments.

Actively seek ways to improve secure software development processes.

Additional Responsibilities:

Develop and maintain security policies standards and guidelines.

Conduct code analysis of firstparty enterprise applications through both manual and automationenabled processes.

Provide remediation guidance and recommendations to developers and administrators based on identified vulnerabilities and existing technology stack.

Work with software development teams to prioritize and validate the urgency of mitigation of identified product vulnerabilities and security feature enhancement requests.

Stay updated with the latest cybersecurity threats and trends and incorporate this knowledge into security architecture designs and practices.

Conduct training and awareness programs to enhance the security posture of the organization. Participate in security audits and assist in regulatory compliance efforts.

Work closely with IT operations and software development teams to ensure secure systems deployment and operations.

Actively contribute to the organizations cybersecurity strategy and roadmap.

Minimum Qualifications

• Outstanding collaboration and communication skills. Any of the following combinations of education professional experience or both:

At least 2 years of experience in a relevant DevSecOps role and technical degree in computer / information science; or

At least 4 years of experience in a relevant DevSecOps role; or

At least 6 years of related field work experience at least 1 year of which in a software development role and at least 1 of which in a cyber security role and technical degree in computer / information science; or

At least 8 years of relevant field experience at least 1 year of which in a software development role and at least 1 year of which in a cyber security role.

Demonstrated experience working with technical and nontechnical staff.

Knowledge of application security software development and cyber security concepts.

Basic knowledge of a broad range of IT Security Controls and Service Delivery standards and frameworks for example International Standards Organization (ISO) 27001 IT Infrastructure Library (ITIL) Control Objectives for IT (CoBIT) and Capability Maturity Model Integration (CMMI).

Experience with Amazon Web Services (AWS) Google Cloud Platform (GCP) Microsoft Azure or other cloud platforms with experience in developing and implementing software.

Experience developing software in various coding languages such as Java C# PHP etc.

Demonstrated knowledge of web applications cyber security and opensource technologies.

Safety is an essential function of this job.

Consistent and regular attendance is an essential function of this job.

Ability to execute multiple projects and tasks under tight deadlines.

Provide offhours support on an infrequent but as needed basis. (Potential shifts may run 24/7 dueto the needs of the business).

Strong interpersonal skills with the ability to communicate effectively with guests and other Team Members of different backgrounds and levels of experience.

Must be able to work varied shifts including nights weekends and holidays.

Additional Experience Recommended

Professional certification in multiple programming languages (C# .NET Java etc.) recommended.

Professional certifications in cyber security (CISSP OSCP etc.) recommended.

Experience with CI/CD and pipeline tools such as Jenkins Docker Kubernetes and others.

Knowledge of cloud platforms and services with experience in cloud security.

Experience with automated software and security testing tools and techniques.

Ability to stay updated with the latest industry trends and advancements in cybersecurity.

Understanding of enterprise software development practices.

Experience working with software development teams.

Experience identifying cybersecurity vulnerabilities and weaknesses in software.

Experience reading writing and auditing software in multiple programming languages.

Strong familiarity with common vulnerabilities and attack vectors.

Knowledge of common encryption technologies (AES PGP SSH SSL etc.).

Knowledge of common authentication protocols (OpenID Connect OAUTH SAML RADIUS LDAP KERBEROS etc.).

Previous work experience as an Application/Product Security Engineer or Software Developer.

Experience integrating security testing into an SDLC.

Experience with incident response and handling methodologies.

Experience with security technologies such as intrusion detection/prevention systems (IDS/IPS) firewalls SIEM etc.

Physical Requirements

Must be able to:

Lift or carry 20 pounds unassisted in the performance of specific tasks as assigned.

Physically access all areas of the property and drive areas with or without reasonable accommodation.

Maintain composure under pressure and consistently meet deadlines with internal and external customers and contacts.

Ability to interact appropriately and effectively with guests management other team members and outside contacts.

Ability for prolonged periods of time to walk stand stretch bend and kneel.

Work in a fastpaced and busy environment.

Work indoors and be exposed to various environmental factors such as but not limited to CRT noise dust and cigarette smoke.