Job 25838 is for a 12-month contract; it could be extended.
Must be able to be on our direct payroll, and must be able to interview in Dallas, TX for the second round of the interview process.
The Application Security Engineer will be a part of the Cybersecurity Team focused on general application security, DevSecOps principles, and code quality. The Cybersecurity Team works with application development teams to ensure technology security and vulnerabilities are addressed and remediated throughout the system development life cycle (SDLC). As a senior member of the team, your focus will be building and maintaining relationships with different business units, influencing and injecting secure ideas into the roadmap, promoting best security practices, solving world-class security challenges, and pushing your engineering knowledge and expertise while continuously penetration testing our compute ecosystem.
Five-member cross-functional team consisting of Senior and Principal engineers with diverse backgrounds, cultures, and experience. The team operates in an Agile Scrumban method and works directly with application development teams. Will be instrumental in defining and implementing Application Security and DevSecOps strategies for our client in Dallas, TX.
• 5+ years in application penetration testing
• 5+ years in software development
• Ability to work in a highly collaborative and dynamic, cross-functional team
• Conduct application security assessments and penetration tests (web, mobile, web service, etc.). These assessments involve manual testing and analysis as well as the use of automated application vulnerability scanning/testing tools and/or code review tools
• Perform threat models and risk assessments to characterize the risk and severity posture of large-scale commercial or in-house enterprise applications
• Experience programming and scripting and ability to develop or adapt custom tooling to solve new needs
• Experience performing baseline static/dynamic application security assessments (SAST/DAST) on new applications and changes to applications
• Write security assessment and application threat profile reports
• Maintain partnerships with application development teams, participate in corrective action plans for identified issues
• Articulate risk and business impact to stakeholders
• Provide on-the-job training and mentoring to other members of the team
• Track and research the latest developments in vulnerability research
• Strong understanding of vulnerabilities, common attack vectors and how to resolve them
• Attacker mindset: ability to think about creative threats and attack vectors
• Well-rounded background in host, network and application security
• Familiarity with cloud platforms (preferably AWS)
• Experience with Agile Practices like Scrum, Kanban, CI, CD preferred
• DevSecOps knowledge of areas such as tools/capabilities, monitoring, scripting, and metrics preferred
• Experience delivering secure application development and application security testing training
• Familiarity with OAuth 2.0 and OpenID Connect protocols
• Working knowledge of industry and commonly adopted secure standards and practices (e.g. applicable NIST standards, CIS, ISO, OWASP, SANS, BSIMM, and CERT)
• Certifications (Certified Ethical Hacker (CEH), GIAC Penetration Tester (GPEN), GIAC Certified Forensic Examiner (GCFE)) and training on hands-on exploit development are a plus
• Administration experience with any of the following: Nessus, Rapid7, Burp Suite, Metasploit and other scanning and analysis solutions.
• Airline or travel industry experience a bonus
Intrusion Detection And Prevention
Public Key Infrastructure