As an Applications Security Engineer, you will apply a security-focused mindset to design, develop, test, maintain and document our client-facing applications. You will work with a broad range of new cloud-centric technologies in lockstep with experienced development partners.
If you enjoy working iteratively in small teams, our Scrumban approach to software development will meet the needs of any Agilist. We use a Lean Startup mentality for everything we build, using relentless prioritization to enable faster time to market with a minimum viable product. We use LeSS to scale development across multiple small teams of 3-5 people.
We are looking for a self-motivated developer who is happiest working in a collaborative environment. This person would seamlessly integrate and communicate fluidly with local, remote and client-facing teams while promoting and establishing secure coding best practices. This dazzling candidate would enjoy the benefits of an established company with start-up energy.
What You Will Do:
- Engineer, implement and monitor security measures for the protection of cloud-based infrastructure and client data
- Play a key role in defining secure configuration standards for key technology platforms early in the development lifecycle
- Create detailed business, technology, operational and security requirements
- Participate in and support application security reviews and threat modeling, including code review and dynamic testing
- Research emerging technologies and maintain awareness of current security risks in support of security enhancement and development efforts
- Lead the development of automated security testing, using tools such as Selenium, OWASP Nettacker and OWASP ZAP, to validate that secure coding best practices are being followed
- Help design and implement processes and technology solutions to assess, monitor, audit and enforce compliance with internal and regulatory requirements such as ISO 27001, FedRAMP, CUI/CMMC, NIST and others
- Collaborate with Client's Security Operations team for internal assessment details, third-party penetration tests, feedback, lessons learned and documentation of results
- Bachelor’s degree or equivalent work experience in Information Technology, Cyber Security, Management of Information Systems, Computer Science, Informatics, Information Science or similar discipline
- 3+ years of experience working in software development, IT, security engineering, application security, enterprise SaaS infrastructure environment, or similar role(s)
- 2+ years of experience in software/application security required
- Familiarity with common security libraries, security controls, and common security flaws
- Basic development or scripting experience and skills. C# and Ruby are preferred
- Experience with OWASP, static/dynamic analysis, and common security tools
- Working knowledge of cryptography, both symmetric (AES) and asymmetric (RSA/DSA/EC)
- Excellent and professional communication skills (written and verbal) with an ability to articulate complex topics in a clear and concise manner
- Experience identifying security issues through code review
- Security certification such as CASE, CEH or equivalent work experience preferred
Solutia Consulting, Inc.® is an AA/EEO employer.
Last updated April 28th, 2022.