Application Security Engineer - Marriott International HQ - (22103185)

08 Sep 2024
Maryland, Bethesda, 20814 Bethesda USA

Vacancy expired!

Live Fully at Marriott International – #1 Leader in Hospitality
At Marriott International, you have the opportunity to grow in your career, work with teammates that feel like family, and help make our world a better place.
The Marriott International HQ, located at 7750 Wisconsin Ave, Bethesda, MD, 20814, is currently hiring an Application Security Engineer.
Responsibilities include:

Performs security application source code reviews, application vulnerability testing and application threat assessments. Leverages advanced tools, methods, and approaches to demonstrate weaknesses in applications. Responsible for assuring developers and technical personnel address application security issues in a timely fashion. Will routinely collaborate with different security team members including, but not limited to: architecture, infrastructure, network, compliance and incident response.

CANDIDATE PROFILE

Education and Experience

Required:
  • Bachelor’s degree in Computer Science or related field or equivalent experience/certification
  • 5+ years’ experience in Information Technology in a frontend or backend software development role with experience in testing/QA
  • 2-5 years’ experience in some or all of the following:
    • HTML, HTTP, JSON and/or XML
    • At least one compiled programming language
    • At least one interpreted programming language
  • 1+ years’ experience with web service implementation paradigms (REST, SOAP)

Additional Skills & Attributes

  • Ability to write a software specification
  • Knows how to perform an application stress test
  • Ability to conduct independent research
  • Ability to fluently write, read, debug and test applications written in Java, TypeScript/JavaScript and PHP
  • Familiar with OWASP and the common flagship projects.
  • Basic understanding of Cryptography concepts: hashing, signing, encryption, decryption
  • Basic understanding of network security concepts: DOS, DNS Spoofing, ARP Poisoning, Reverse Shells, Firewalls
  • Basic understanding of defensive programming, test-driven development
  • Knows how to perform common application exploits: XSS, SQL Injection, UI Redressing, Directory Browsing, Log Forging
  • Basic understanding of microservice application architecture, software cohesion and software coupling
  • Willing to write tools as necessary to perform day to day duties.
  • Comfortable learning new programming languages as needed to conduct code reviews
  • Comfortable with the following tools and technologies: Git, ZAP or BurpSuite, Postman, SoapUI, Jenkins, Artifactory, SonarQube, FindBugs, Docker, JIRA, Confluence

Preferred:
  • Master’s degree in Computer Science or Software Engineering
  • Current information security and/or software development certification, including Certified Secure Lifecycle Professional (CSSLP), Professional Software Engineering Master (PSEM), Certified Software Development Professional (CSDP)
  • Expert-level knowledge of static analysis tools and methods
  • Expert-level knowledge of dynamic analysis tools and methods
  • Advanced knowledge of software engineering concepts: GOF software design patterns, SOLID design principles (SRP, OSP, LSP, ISP, and DIP) and design methods (Scrum, XP, Lean, Waterfall)
  • Strong understanding of SAML, OAuth and OIDC
  • Strong understanding of common cryptographic algorithms and libraries
  • Experience with mobile application development on Android or iOS
  • 2+ years working as a full stack software developer

CORE WORK ACTIVITIES

Security Assessments

  • Evaluates applications for security flaws by performing fuzzing, access/authorization bypass, business logic abuse and intentional fault injection.
  • Uses Static and Dynamic Analysis tools to support broad testing and vulnerability discovery.
  • Reviews application architectures and implementation details for design flaws, incorrect security implementation and missing security controls.
  • Works with other security team members to research and test for complex security issues.
  • Consults with Software Engineers, Infrastructure Architects and Security Architects to correct application, architectural or environment flaws.
  • Validates external security researcher bug bounty submissions.
  • Works closely with service providers and external security support resources to schedule, track and manage outsourced security testing efforts.
  • Creates and/or maintains threat models to communicate risks to engineers, project managers and other technical personnel.
  • Ensures applications are built according to enterprise security standards.

Source Code Reviews

  • Works with development teams to review application source code for security and operational risks.
  • Perform manual code reviews of applications that are not compatible with automated SAST tools.
  • Provide detailed security documentation to developers, software engineers and technical personnel when necessary
  • Provide guidance and recommendation to software architects and engineers on how to correct code related security flaws

Administrative
  • Participate in peer reviews of security assessments created by other team members.
  • Manage tickets and SLAs associated with security testing efforts.
  • Maintain the enterprise SSDLC standard.

This position requires proof of full vaccination against COVID-19 prior to the first date of employment, subject to applicable law. If you are offered employment, this requirement must be met by your date of hire, unless a reasonable accommodation request is received and approved.

Apply now at : https://jobs.marriott.com/marriott/jobs/22103185?lang=en-

Marriott International is consistently recognized as an employer of choice globally by FORTUNE magazine, DiversityInc and Great Places to Work Institute, among others.
Visit www.marriott.com/careers to learn more about our workplace culture and career opportunities.
Marriott International is an equal opportunity employer. We believe in hiring a diverse workforce and sustaining an inclusive, people-first culture. We are committed to non-discrimination on any protected basis, such as disability and veteran status, or any other basis covered under applicable law.
