Application Security Engineer - Rochester, United States - TEKsystems

Description

Job Description

3484973

** U.S. Citizen and GC Holders **

Top Three Skills:

1) Applications Security - candidate must have 5+ years of experience working with applications security. Must be familiar with the concepts required to build secure applications. Must be somewhat familiar with application development and be able to participate in technical conversations with developers.

2)SAST - Candidate must have 3+ years of experience with static application security testing. Implementing a tool called checkmarx to do this testing. Ideally the candidate will have worked with Checkmarx.

3) Development - Candidate must have 5+ years experience as a mid level developer. Must understand coding and how to read and write it. This person will be working with developers to analyze their code and teach them secure coding practices.

4) Communication - This person will be working with developers to help them make the required changes to their code. They will help train developers, and QA personnel to the appropriate level of software security knowledge to perform their responsibilities

Job Description:

This person will be responsible for scanning code with Checkmarx and analyzing the alerts that pop up. They will then need to investigate to see if those alerts are actual areas for concern or if they are just false positives. They will then take the areas of concern back to the development teams and teach them how to make the required changes.

Hands-on role partnering with application development to strengthen application security best practices within the agile SDLC. Review security findings within existing code to identify vulnerabilities and provide recommendations to mitigate the risk. Ensures application security controls in place are adequate or identify those that require improvement. Train developers in secure coding best practices, security testing tools and techniques.

• Collaborate with application development to address security risks and provide mitigation recommendations to align application security best practices within the agile SDLC, based on OWASP Top 10.

• Creation and refinement of rules for SAST and DAST security tools.

• Capability to analyze multiple instances of vulnerability patterns that can be traced to single root causes to eliminate existing risks within software applications.

• Collaborate with Penetration Testers to identify pervasive issues within an application or common trends throughout multiple applications.

• Validation of security controls to adhere with industry best practice and compliance requirements, including OWASP Top 10 and OWASP Application Security Verification Standard.

• Develop and coordinate the testing and deployment of rules for web application firewalls.

• Acts as an application security resource throughout the company, training developers on security tools and techniques.

• Bachelor's degree in Information Security, Software Development or another related technical discipline.

• 5 years of experience in Information Security, Cyber Security is preferred.

• 5 years of experience in object oriented programming languages: C#, Java, or Javascript. Knowledge of back-end frameworks such as Spring, .NET or Node, as well as familiarity with modern front-end frameworks such as Angular or React is preferred.