Application Security Engineer III

Job Summary: Assist the Chief Information Security Officer in leading and managing the Information in accordance with organizational policies and goals. The candidate will assist the Chief Information Security Officer and the Application Security Team Lead in processing documentation, facilitation, remediation planning, risk management, and systems implementation coordination to meet the audit, control, and compliance requirements.

The Application Security Engineer III will be responsible for identifying and reporting all security issues, prioritizing threats, and confirming threats have been mitigated in accordance with company standards. The Application Security Engineer III will be a resource of experience and best practices to for the Information Security Team.

Key Responsibilities:

• Proficiency in configuration, optimization, and utilization of information security tools such as Crowdstrike or similar EDR, Cisco FTD, Palo Alto , Qualys, HP Fortify, Nessus, Kismet, Airsnort, NMAP, Wireshark, WebInspect, SNORT, Security Onion, and Nikto, Burp Suite, Kali Linux, and other web application penetration testing tools
• Sound understanding of manual techniques to exploit vulnerabilities in the Open Web Application Security Project (OWASP) top 10 including but not limited to cross-site scripting, SQL injections, session hijacking, and buffer overflows to obtain controlled access to target systems
• Attack and Penetration experience in testing of Internet infrastructure and Web-based applications utilizing manual and automated tools
• Architect and design new tools to include SOP’s and Diagrams for the SECOPS team and Security and Network operations team.
• Proficiency in static and dynamic scanning methodologies
• Expert ability to perform network traffic forensic analysis, utilizing packet capturing software, to isolate malicious network behavior, inappropriate network use or identification of insecure network protocols
• Ability to perform general inspection and implement preventative measures on intrusion detection systems
• Assist in managing multiple competing priorities in a fast-paced SaaS environment
• Assist in managing third-party security services, application vendors, evaluate new vendors and services

Work Experience / Knowledge:

• Knowledge of Industry Standards, e.g., ISO 17799/27001, FISMA/FedRAMP, NIST Publications, and other Industry Related Security Standards
• Knowledge of Industry Regulations, e.g., Gramm-Leach-Bliley Act (GLBA), Payment Card Industry (PCI) or Corporate Compliance
• Hands-on working experience with Microsoft SQL Server 2012/2016/2019
• Strong working knowledge of agile and waterfall software development lifecycle methodologies
• Experience reviewing or auditing IT general controls, network infrastructure, information security, SDLC, web server, database server, operating systems, and/or software applications to ensure compliance is maintained
• Experience in the implementation and management of both offensive and defensive security technologies in conjunction with commercial and federal information security compliance initiatives
• Active participation in Enterprise-level Risk Assessment and Business Impact Analysis
• Active participation in disaster recovery and business continuity planning and execution
• Consulting experience in Information Security
• Hands-on working experience with Windows Server 2012/2016/2019
• Experience in TCP/IP Networking
• Knowledge of Industry Standards, e.g., ISO 17799/27001, NIST Publications, and other industry-related security standards
• Knowledge of Industry Regulations, e.g., Gramm-Leach-Bliley Act (GLBA), Payment Card Industry (PCI) or Corporate Compliance
• Work with internal and external resources on performing and reporting the annual penetration testing to include complete white-hat testing; Must provide a detailed report and recommendations for improvements and remediation where applicable
• Work with internal and external stakeholders to assess security requirements, and approve/modify designs as needed
• Ensure vulnerabilities are mitigated in a timely fashion in accordance with the applicable compliance requirements
• Support incident responses for all security-related issues 24/7

Qualifications / Certifications:

• 5 or more years of experience in one or more of the following Database Environments: Microsoft SQL Server, Oracle, Sybase, DB2, and MySQL
• CISSP, CISM, OSCP, CEH and/or Security+/Network+ Certifications
• 5 or more years hands on experience in one or more of the following Operating Systems: Windows Server 2008/2012/2016/2019, Linux and UNI
• 5 years practical experience in TCP/IP Networking
• 5 years experience with managing small tactical teams
• 5 years or more experience with private or public cloud security
• 2 or more years designing, architecting and engineering security solutions.

Special Requirements:

• May also be assigned various projects and tasks as needed
• Hours: Day shift. Evening and weekend hours may be required

Equal Opportunity Employer. M/F/D/V