
About this role
As an Application Engineer embedded within our Agile development teams, you will play a crucial role in ensuring the security and integrity of our applications, systems, and data. While working closely with cross-functional Agile teams, you will report directly to the Information Security Application Security Team to act as a liaison and subject matter expert aligning efforts across the broader security strategy.
Responsibilities:
- Partner with enterprise and solutions architects, software engineers, product owners, DBAs and QA engineers to ensure adequate security is in place throughout the SDLC.
- Collaborate with Agile teams throughout the software development lifecycle to integrate security requirements, perform risk assessments, and address security issues.
- Provide guidance and support to Agile teams on secure coding principles, security frameworks, and OWASP Top 10 vulnerabilities.
- Conduct threat modeling exercises with Agile teams to identify potential security threats and recommend appropriate mitigation strategies.
- Plan, coordinate, and execute security testing activities, including penetration testing, vulnerability scanning, and security assessments (experience with Dynamic Application Testing).
- Assist in incident response activities related to application security incidents and contribute to post-incident reviews to improve security measures.
- Promote security awareness within Agile teams by organizing workshops, training sessions, and providing timely security updates.
- Maintain accurate and up-to-date security documentation, including security guidelines, standards, and procedures, to ensure compliance with industry regulations.
- Continuously monitor and assess the security posture of applications, propose enhancements, and drive the implementation of security improvements.
- Identify and communicate potential security risks and vulnerabilities to the Information Security Application Security Team, helping in the formulation of risk management strategies.
- Foster a collaborative and productive working relationship with Agile teams, sharing knowledge and best practices to improve overall security awareness and practices.
- Evaluate and recommend security tools, solutions, and technologies that align with the organization's security goals.
Requirements:
- Fluent English
- 1+ years of experience in a software development role such as Software Developer, Architect, Software Quality Assurance, or Application Security Engineer with a good understanding of application security.
- Knowledge of web application (SaaS) design best practices and secure software development.
- Familiarity with relevant security standards, regulations, and frameworks (e.g., OWASP, NIST, ISO 27001).
- Experience with SOAP and REST APIs.
- 1+ years of experience completing application security testing engagements and reports.
- Solid knowledge of common web application security vulnerabilities, secure coding principles, and secure development frameworks.
- Demonstrated ability to work collaboratively within a team and across departments to achieve common security goals.
- Strong problem-solving skills and the ability to think critically under pressure.
- Self-motivated, proactive, and able to work independently with minimal supervision.
Preferred:
- Bachelor's degree in Computer Science, Information Security, or a related field. Relevant certifications (e.g., CISSP, CISM, CSSLP) are a plus.
- Experience with security testing tools and techniques (e.g., SAST, DAST, IAST) to identify and remediate security issues.
- Strong understanding of Agile software development methodologies and experience working closely with Agile development teams.
- Strong knowledge of .NET 4.0+ and Core, MVC 4/5, and Entity Framework.
- Excellent communication and interpersonal skills, with the ability to convey complex security concepts to technical and non-technical stakeholders.
- Knowledge of DevSecOps practices and experience with CI/CD pipelines is desirable.