Senior Application Security Engineer

Senior Application Security Engineer

Vacancy expired!

Title: Sr. Application Security Engineer
Location: Remote
Duration: Contract/Contract-to-hireNo third-party candidates please - Visa sponsorship is not available currently

Our client's information security team is looking for a Senior application security engineer to be part of their growing team and assist in the build out of key product security capabilities. This is a challenging and rewarding opportunity for an individual who is looking for an opportunity in the product security arena and wishes to grow within the organization and the thriving retail industry.

Responsibilities:

• Understand the technology stack and SDLC practices (back-end, front-end, database integrations, hosting environment), dev-ops practices (CI,CD, IaaC) and architect security integrations
• Evaluate and integrate external SDK's and API's based on solution requirements and Scrum Frameworks
• Experience with docker and automated server deployment
• Solid understanding of application security practices, secrets management, API development, OAuth authentication , security unit testing and CI/CD workflows
• Subject matter expertise in understanding OWASP framework established vulnerabilities and aiding resolution with the development team
• Subject matter expertise in interpreting software vulnerabilities and aid developers to close out software bugs, answer questions around best practices as it pertains to encryption, secure coding, secure data flows etc.
• Review and plan infrastructure changes and new builds to comply with security requirements
• Participate in incident response, triage, and investigation/remediation of infrastructure issues
• Willingness to provide support during nontraditional working hours or work in an on-call fashion

Requirements:

• 5+ years of experience with system security and DevOps
• Understanding of Agile
• Familiarity with RESTful APIs
• Familiarity with cross-platform system integration and hybrid apps
• Experience with AWS services and AWS SDK
• Good understanding of code versioning tools, such as Git
• Solid ability to automate using programming languages (Preferably Python)
• Build and maintain tools for application security - SAST(static code scanning), DAST(dynamic code scanning), SCA(software composition analysis), botnet mitigation, web application firewalls
• Ability to manage secrets management platforms (Vault) and understanding of SSL cert management
• Strong experience with IaaS (Terraform) and development within AWS
• Strong experience in Kubernetes and securing container workloads
• Strong communication and documentation skills with experience briefing executives and senior leadership

Everest Consultants is an equal opportunity employer and does not discriminate on the basis of race, color, religion, sex, national origin, age, disability, or any other characteristic protected by applicable local, state or federal civil right laws.