
Application Security Engineer in Downers Grove, IL at Solution Partners

Date Posted: 5/11/2018

Job Description

Application Security Engineer

The Application Security Engineer will report to the Director of Security Technologies and will functionally support product engineering and development teams to secure the company's SaaS product portfolio. The Application Security Engineer will be responsible for assessing and understanding the security posture and attack surface of all company products, and for assisting in the development of the appropriate security controls.

Responsibilities:
Conduct security assessments, security penetration testing and validation of test results
Provide security insights into vulnerability scan results
Work closely with development teams to understand the security posture of the features being developed
Perform architectural risk analysis, threat modeling, secure design and source code review
Effectively manage relationships with external application security and penetration testing partners
Incorporate security tools/tasks to automate product development and deployment (SAST/DAST/IAST integration into CI/CD pipeline, etc.)
Provide expert knowledge and guidance to the product teams about security vulnerabilities and remediation controls
Serve as a critical resource in ensuring each of the company's products is developed in alignment with industry-leading Secure Software Development standards

Required Skills:
Bachelor's degree with 5+ years of relevant work experience OR demonstrated ability to meet the job requirements through a comparable number of years of applicable work experience and education
Self-driven, highly motivated with a strong customer focus
Strong analytical and problem-solving skills
Solid project management skills, especially in a cross-functional environment
Prior exposure to modern CI/CD pipelines including tools and technologies such as VSTS, GitHub, Jenkins and others
Must have a "breaker" mentality, but be effective at designing the mitigating controls
Ability to develop technical (XSS, etc.) and functional (fraud, etc.) abuse test cases
Working knowledge of vulnerability management and penetration testing tools such as NMAP, Core Security, Burp, ZAP, Rapid7 Nexpose, Kali Linux, or Metasploit
Working knowledge of NIST, Open Web Application Security Project (OWASP) and Open Source Security Testing Methodology Manual (OSSTMM)
Solid understanding of OWASP security concepts and common application security risks, such as XSS, CSRF, SQL Injection, Cookie Manipulation, etc.
Solid understanding of fundamental application security building blocks such as: authentication, authorization, data validation, encryption, exception handling and logging
Solid understanding of leading cloud platforms such as MS Azure and Amazon AWS and underlying security controls
Familiarity with one of the market leading SAST