Application Security Engineer
firstPRO is seeking a qualified Application Security Engineer for our client, a legal institution based out of Delaware. They are seeking someone with experience in developing an automated security framework for robust deployment tools and processes.
- Compensation: $78 – $80/hour with benefits (Health, Dental, Vision), Weekly Pay
- 100% Remote
- Type: Contract to hire
- Schedule: Monday through Friday, 8:30 AM to 5:00 PM
- Support code reviews across all code platforms
- Manage security integration into the SDLC process at CSC
- Help evolve CSC’s application security functions and services
- Responsible for Security bug intake and remediation process for CSC
- Responsible for leading the remediation of application vulnerability scanning and penetration testing
- Manage integration with Static Code Analysis, IAST, and Dynamic Code Analysis tools
- Identify security exposures and develop mitigation plans
- Identify, report and fix technical debt.
- Assist Manager of Application Security on all application security activities
- Become a representative for the CSC Information Security program
- Be productive and participate in security initiatives with minimal supervision.
- Become a subject matter expert for security solutions within the CSC platform, with knowledge of SANS 25 and OWASP Top 10.
- Be able to act as a mentor for junior dev, DevOps and security engineers
- Use the tools and technologies used throughout CSC InfoSec.
- Own and document medium/large epics and follow through until completion.
- Present security solutions to a larger CSC audience.
- Troubleshoot issues and performance bottlenecks.
- Follow Security best practices.
- Collaborate with cross functional teams (Engineering, DevOps, Product) while carrying out day-to-day tasks.
- Participate in requirement gathering with Product/SRE/InfraServices.
- Collaborate with cross Business Unit teams (CLS, DBS, Corp Tax, TBS) on implementing standardized security solutions and integrations.
- Participate in inner sourcing/procurement initiatives within CSC
- Prior experience (3-5 years) in a Production Engineering or related position.
- Experience in Web App and Service Security leveraging WAF tool, API and Service Security.
- Experience working with Developers, DevOps, and Engineering teams in a dynamic environment to promote/implement the DevSecOps program throughout the organization.
- Experience coordinating and performing vulnerability assessments using automated and manual tools (SAST, SCA, DAST, IAST etc).
- DevSecOps Automation: Terraform, Ansible, GitHub
- Terraform, Ansible and AWS, Azure Architecture, Network and Security Certifications.
- Familiarity with API Security, Container Security, AWS, and Azure Cloud Security
- Knowledge of Cloud Resource Provisioning, Cloud Network and Architecture, Cloud Standards and Policies.
- Familiarity with AWS and Azure Policy, Configuration, and Security Management tools.
- Experience with security automation, Cloud resource provisioning.
- Ability to review and analyze vulnerability data to identify security risks to the organization's network, infrastructure, and applications, and to determine which reported vulnerabilities are false positives.
- Capability to prepare security vulnerability and risk management reports for management.
- Leadership and Teaming skills to coordinate remediation of vulnerabilities within established timeframes.
- Proficiency in Java Programming and Bash, Python, Terraform or other scripting languages.
- Familiarity with Information Security frameworks/standards (e.g., CIS, NIST, RFC 2196, etc.).
- Comprehension in the security areas of Key Management Systems, Certificate Management, Encryption, Penetration Testing, Vulnerability Scanning, Security and Monitoring tools, etc.
- Experience configuring, implementing, and leveraging computer security and networking diagnostic/monitoring tools.
- Knowledge of Windows and Linux patch management and related information security functions (authentication, encryption, iptables, SSL, ciphers, etc.).
- Ability to work with APIs and Plugins to integrate security tools into established CI/CD pipelines.
- Strong experience with BI Design and Development for vulnerability management.