Sr. Application Security Engineer

Minneapolis/St. Paul
The Sr. Application Security Engineer performs the role of subject matter expert on implementing and testing of secure systems and architecture requirements, performing architecture security and design reviews, and recommending secure solutions to protect application portfolios across the enterprise in a way that is consistent with information security standards.

What You’ll Do:

  • Collaborate with Product Mangers, Scrum Masters, and Application Architects identifying and injecting security requirements into Acceptance Criteria of epics/ stories.
  • Conduct Threat Modeling on various components of application solutions.
  • Hands-on coding on various security use cases into developers' unit, integration, Selenium, and API testing.
  • Perform security testing via Static, Dynamic or Interactive tools and rule-out false positives.
  • Collaborate with DevOps engineers and be hands-on on developing security features/ controls/ tests as infrastructure-as-code in CI/CD pipeline.
  • Review, analyze, and help on re-test various Pen Testing items.
  • Provides appropriate security guidance and answer technical and procedural questions for less experience team members; teaching improved processes and mentoring of team members knowledge transfer to design and implement appropriate safeguards.
  • Collaborate and consult with cross functional IT teams and business partners to identify risks, develop technical standards, specifications, guidelines, and implement appropriate information security controls.
  • Ensure that individual projects remain aligned with security strategies, architectural designs and standards through governance oversight and mentoring.
  • Build relationships and maintain effective communications with the lead architects and development groups throughout the organization

About You:

  • Passionate about Application Security
  • Hand-on experience in static application security testing, dynamic application security testing, interactive application security testing, and penetration testing methodology, techniques, and tools
  • Experience with 4+ years in Application Development with focus on security on Java, .Net, AngularJS, Python, JavaScript, open-source languages, and frameworks
  • Solid knowledge of OWASP Top 10 and vulnerabilities and remediation technics
  • Solid knowledge about Secure-by-Design and Secure-Coding approaches and technics
  • Experience in Threat Modeling, API Security testing, and knowledge on container security
  • Experience working with Agile/Scrum software development practice and DevOps culture
  • Preferably experience with setting up Secure Cloud configurations (Azure, AWS etc.)

Qualifications and Experience:

  • Bachelor's degree in Computer Science or related information technology field.
  • Preferred having security related certification - CISSP, CCSP, GSEC, SANS GIAC or equivalent.
  • Experience and Knowledge of SDLC, SCRUM
  • Preferably 2 years professional project management experience preferred

Why You Should Work Here:

  • The ability to work in an environment that encourages creativity and fresh ideas
  • The ability to be on the leading edge of SaaS driven technology solutions for capital markets and regulatory disclosure requirements
  • The opportunity to join a well-established and growing company that has just completed its most successful year

Solutia Consulting, Inc.® is an AA/EEO employer.

Last updated May 5th, 2022.

Copyright © 2023 Solutia Consulting. All rights reserved.
1241 Amundson Cir, Stillwater, MN 55082