BaltimoreRecruiter Since 2001

Application Security Engineer

Company: Prosum
Location: Laurel
Posted on: January 16, 2022

Job Description:

Looking for your challenge in security? Keep reading - we have provided an extremely detailed description of this role and who we are looking for!

A Little About the Opening:

  • The application security engineer is responsible for validating that application services are designed and implemented with high security standards. The role analyzes the security of applications in tandem with their underlying services, including connected dependencies such as middle-tier systems and databases. Additionally, the application security engineer addresses legacy and emerging security issues and implements repeatable secure development practices to reduce the introduction of program design flaws that may lead to exploitation. As issues are uncovered, the application security engineer communicates with the appropriate technical and leadership teams to ensure a focus on risk mitigation - allowing for business continuity, but without negligent risk.
  • This position is also responsible for assessing the security of applications for business-to-business initiatives, third-party relationships, outsourced solutions, and vendors.

A Bit About You:

    • Considered a highly knowledgeable individual, the application security engineer is expected to recommend programmatic controls, and monitor and manage secure development practices to address modern-day issues. Application security engineers think like attackers, but always act with integrity and do not abuse their privilege.

What We Need from You:

    • Act as a trusted point of contact for the chief information security officer (CISO) and chief technical officer (CTO) to help review and secure custom applications.
    • Perform vulnerability and penetration testing.
    • Document security findings with reasonable methods to secure.
    • Focus on automation to aid in efficiencies with both testing and remediation of findings.
    • Work in tandem with developers to provide repetitive validation testing prior to production while allowing for a continuous cycle of development followed by application security assessments.
    • Regularly monitor the security community for public-facing security issues, as well as to learn new tactics that can be used in testing.
    • Attend and participate in application projects and change management committees. This includes interacting with business units and technical teams to understand what is coming and how their projects can be more secure from the beginning.
    • Fully define and follow a security review process to ensure an automated and repeatable process is managed. This can be through the use of dynamic and static code analysis resources.
    • Use security standards and implementation configurations, as well as common
    • Document delivery and implementation advances that meet defined service-level agreements
    • Align with architects and development teams for a mission of secure design.
    • Provide guidance to developers and junior application security engineers on weaknesses to avoid.
    • Actively participate and lead security team meetings that facilitate secure design.
    • Highly engage in information security projects that evaluate existing security infrastructure and propose changes as defined by security leadership and architects. Additionally, deliver projects on time, within budget and in accordance with SLAs.
    • Focus on application security that observes compliance - 21 CFR Part 11, HIPAA, GDPR, PCI, SOX, etc. - and privacy laws.
    • Work in tandem with architects, the security operations center (SOC), incident responders (when anomalous activity and host compromise occurs), and technology infrastructure and development team members.
    • Respond to and handle service and escalation tickets within SLA expectations.
    • Develop security test plans from architectural design. Identify deficiencies and make enhancements to ensure production is not impacted.
    • Drive security efficiencies, enabling security team members to work on more advanced tasks.
    • Conduct performance testing to stress the limitations of security solutions while ensuring business innovation and day-to-day processes are not negatively impacted.
    • Perform other duties as assigned.

Qualifications:

Minimum:

      • At least 5+ years' experience in cybersecurity, including compliance and risk management with a system and network security engineering background and Bachelor's degree in computer science or equivalent work experience.
      • Highly technical and analytical experience, with a proven deep background in application programming. (preferred 5+ years' in addition to cybersecurity)
      • Experience in threat modeling applications.
      • Vulnerability and penetration-testing skills.
      • Understanding of regulated technology environments
      • Experience with terminologies, issues and challenges in: pharmaceutical industry, healthcare and biotech as they relate to IT
      • Advanced knowledge of modern networks, SaaS, PaaS and cybersecurity

Required:

        • Excellence in communicating business risk from cybersecurity issues.
        • Proficiency in software development (Java, Python, C++, Ruby, etc.).
        • Solid understanding of network and web protocols.
        • Experience with security of intra-company and third-party APIs.
        • Experience with dynamic and static analysis tools.
        • Track record of acting with integrity, taking pride in work, seeking to excel, being curious and adaptable, and communicating effectively.
        • Experience with applications hosted in Amazon Web Services (AWS) or Microsoft Azure.
        • Experience with cryptography controls and measures to secure applications and data. Proficiency with scripting in Python, JavaScript, PowerShell, PHP or Ruby.

Preferred:

          • DevOps background in public and private clouds.
          • Working knowledge of Windows, Linux and Unix.
          • Highly trustworthy; leads by example.
          • Proven trustworthiness and history of acting with integrity, taking pride in work, seeking to excel, being curious and adaptable, and communicating well.
          • Self-starter requiring minimal supervision.
          • Excellence in communicating privacy, business risk and remediation requirements from assessments.
          • Analytical and problem-solving mindset.
          • Highly organized and efficient.
          • Demonstrated strategic and tactical thinking, along with decision-making skills and business acumen.
          • JavaScript, PowerShell, PHP or Ruby.
