Sr. Application Security Engineer

What You’ll Do:

• Collaborate with Product Mangers, Scrum Masters, and Application Architects identifying and injecting security requirements into Acceptance Criteria of epics/ stories.
• Conduct Threat Modeling on various components of application solutions.
• Hands-on coding on various security use cases into developers' unit, integration, Selenium, and API testing.
• Perform security testing via Static, Dynamic or Interactive tools and rule-out false positives.
• Collaborate with DevOps engineers and be hands-on on developing security features/ controls/ tests as infrastructure-as-code in CI/CD pipeline.
• Review, analyze, and help on re-test various Pen Testing items.
• Provides appropriate security guidance and answer technical and procedural questions for less experience team members; teaching improved processes and mentoring of team members knowledge transfer to design and implement appropriate safeguards.
• Collaborate and consult with cross functional IT teams and business partners to identify risks, develop technical standards, specifications, guidelines, and implement appropriate information security controls.
• Ensure that individual projects remain aligned with security strategies, architectural designs and standards through governance oversight and mentoring.
• Build relationships and maintain effective communications with the lead architects and development groups throughout the organization

About You:

• Passionate about Application Security
• Hand-on experience in static application security testing, dynamic application security testing, interactive application security testing, and penetration testing methodology, techniques, and tools
• Experience with 4+ years in Application Development with focus on security on Java, .Net, AngularJS, Python, JavaScript, open-source languages, and frameworks
• Solid knowledge of OWASP Top 10 and vulnerabilities and remediation technics
• Solid knowledge about Secure-by-Design and Secure-Coding approaches and technics
• Experience in Threat Modeling, API Security testing, and knowledge on container security
• Experience working with Agile/Scrum software development practice and DevOps culture
• Preferably experience with setting up Secure Cloud configurations (Azure, AWS etc.)

Qualifications and Experience:

• Bachelor's degree in Computer Science or related information technology field.
• Preferred having security related certification - CISSP, CCSP, GSEC, SANS GIAC or equivalent.
• Experience and Knowledge of SDLC, SCRUM
• Preferably 2 years professional project management experience preferred

Why You Should Work Here:

• The ability to work in an environment that encourages creativity and fresh ideas
• The ability to be on the leading edge of SaaS driven technology solutions for capital markets and regulatory disclosure requirements
• The opportunity to join a well-established and growing company that has just completed its most successful year

Solutia Consulting, Inc.® is an AA/EEO employer.

Last updated May 5th, 2022.