Application Security Engineer

  • Location: Wilmington, Delaware
  • Type: Contract To Hire
  • Job #159812

firstPRO is seeking a qualified Application Security Engineer for our client, a legal institution based out of Delaware. They are seeking someone with experience in developing an automated security framework for robust deployment tools and processes.

 

Application Security Engineer

Job Details

  • Compensation: $78 – $80/hour with benefits (Health, Dental, Vision), Weekly Pay
  • 100% Remote
  • Type: Contract to hire
  • Schedule: Monday through Friday, 8:30 AM to 5:00 PM

 

Job Responsibilities

  • Support code reviews across all code platforms
  • Manage security integration into the SDLC process at CSC Help evolve CSC’s application security functions and services
  • Responsible for Security bug intake and remediation process for CSC Responsible for leading the remediation of application vulnerability scanning and penetration testing
  • Manage integration with Static Code Analysis, IAST , and Dynamic Code Analysis tools
  • Identify security exposures and develop mitigation plans Identify, report and fix technical debt.
  • Assist Manager of Application Security on all application security activities
  • Become a representative for the CSC Information Security program
  • Be productive and participate in security initiatives with minimal supervision.
  • Becomes a subject matter expert for security solutions within the CSC platform, knowledge of SANS 25 and Owasp Top 10.
  • Be able to act as a mentor for junior dev, devops and security engineers
  • Use the tools and technologies used throughout CSC InfoSec.
  • Own and document medium/large epics and follow through until completion.
  • Present security solutions to a larger CSC audience.
  • Troubleshoot issues and performance bottlenecks.
  • Follow Security best practices.
  • Collaborate with cross functional teams (Engineering, DevOps, Product) while carrying out day-to-day tasks.
  • Participate in requirement gathering with Product/SRE/InfraServices.
  • Collaborate with cross Business Unit teams (CLS, DBS, Corp Tax, TBS) on implementing standardized security solutions and integrations.
  • Participate in inner sourcing/procurement initiatives within CSC

 

Job Requirements

  • Prior experience (3-5 years) in a Production Engineering or related position.
  • Experience in Web App and Service Security leveraging WAF tool, API and Service Security.
  • Experience working with Developers, DevOps, and Engineering teams in a dynamic environment to promote/implement the DevSecOps program throughout the organization.
  • Experience coordinating and performing vulnerability assessments using automated and manual tools (SAST, SCA, DAST, IAST etc).
  • DevSecOps Automation: Terraform, Ansible, GitHub Terraform, Ansible and AWS, Azure Architecture, Network and Security Certifications.
  • Familiarity with API Security, Container Security, AWS, and Azure Cloud Security Knowledge of Cloud Resource Provisioning, Cloud Network and Architecture, Cloud Standards and Policies.
  • Familiarity with AWS and Azure Policy, Configuration, and Security Management tools.
  • Experience with security automation, Cloud resource provisioning.
  • Ability to review and analyze vulnerability data to identify security risks to the organization's network, infrastructure, and application's and determine any reported vulnerabilities that are false positives.
  • Capability to prepare security vulnerability and risk management reports for management.
  • Leadership and Teaming skills to coordinate remediation of vulnerabilities within established timeframes.
  • Proficiency in Java Programming and Bash, Python, Terraform or other scripting languages.
  • Familiarity with Information Security frameworks/standards (i.e. CIS, NIST, RFC2196, etc).
  • Comprehension in the security areas of Key Management Systems, Certificate Management, Encryption, Penetration Testing, Vulnerability Scanning, Security and Monitoring tools, etc.
  • Experience configuring, implementing, and leveraging computer security and networking diagnostic/monitoring tools.
  • Knowledge of Windows and Linux patch management and related information security functions (authentication, encryption, iptables, SSL, Ciphers, etc)
  • Ability to work with APIs and Plugins to integrate security tools into established CI/CD pipelines.
  • Strong experience with BI Design and Development for Vulnerability. management.

 

Attach a resume file. Accepted file types are DOC, DOCX, PDF, HTML, and TXT.

We are uploading your application. It may take a few moments to read your resume. Please wait!

Back to Top