The Application Security Engineer has strong development experience in numerous programming languages. This role is the subject matter expert (SME) for concepts behind security controls and how they apply to application development, web presence and API services. This individual is accountable for identifying weaknesses in our security posture within the application or web space while defining methods to achieve security control requirements via automation or highly efficient means that further support timely delivery with minimal overhead. They work in a team of infrastructure specialists, developers, and engineers, making sure services are delivered and used securely as required. They work with and support third parties to provide security services. The Application Security Engineer will advise and enable development and technical teams to make security decisions and provide advice and guidance, ensuring the effective use of common tools and patterns.
Required Qualifications:
Bachelor's degree in Computer Science, Information Technology or related field or equivalent work experience required. Master's degree preferred.
3-5 years of related work experience in security engineering
Strong experience in web and mobile application security
Strong experience in distributed platform development security and design
In-depth knowledge of web and mobile security standards and best practices (OWASP, etc.)
Strong foundation in core information security principles and concepts (HTTPS/TLS, OAuth, SAML, SSO, etc.)
Working knowledge of common software engineering languages such as Python, Golang, JavaScript, Java, etc.
Familiarity with public cloud security deployment and implementation issues (AWS, Azure, GCP)
Familiarity with audits and standards requirements such as NIST, ISO 27001, HIPAA, HITECH, GDPR, CPRA, PCI DSS, SOC 1 & 2, etc.
Proven expertise in enterprise-grade and web scale security solutions
Excellent communication skills
Ability to explain complex security topics in simple terms
Ability to lead and project manage multiple security initiatives
Identity and Access Management
Software Development Security
Aware of software development lifecycles
Aware of what software development methodologies are used in the enterprise and can explain what they mean
Familiar with DevOps and DevSecOps concepts and practices
Aware of security vulnerabilities
Familiar with secure coding practices
Familiar with common version control system/code repository operations and security practices, e.g. git