Lead Application Security Engineer

Lead Application Security Engineer

Vacancy expired!

Leads technical efforts for ensuring security is applied to the technology platforms and information within the organization in accordance with established standards and policies. This involves in-depth knowledge of the business processes involving Network, architecture, relationship between systems, and systems flow of end-to-end designs for Network & Technology applications with application security focus as well as collaborative working relationships with delivery teams

Responsibilities

• Performs application security assessments and remediation activities as part of the application security program and ensures application teams adhere to the SSDLC Framework.


• Research information security standards; conducts application security and vulnerability analyses and risk assessments; research threats and attack vectors that impact applications. An example would be interpreting a SOC 2 from a vendor to determine if technical requirements of a control are met.


• Makes recommendations on toolset modifications and improvements, improvements on development processes and production application security support.


• Technically mentors associate within the department. Provides training and guidance to team members as required.


• Evangelizes application security program fundamentals, tools, processes and acts as a consultative partner with Global IT and Business teams.


• Participates in automation of scanning and workflows around an internal application security framework


• Ensures teams are validating for OWASP and performing industry leading application security practices such as NIST Cyber Security Framework.


• Perform other duties as assigned.

Requirements





Required: Bachelor's degree or equivalent experience.

Preferred: Master's degree and/or LOMA certification, MCSE

• 8+ years of relevant work experience.


• Experience in application vulnerability assessments, Testing and execution


• Broad experience in Quality Assurance and software Development with security testing/development as focus area.


• Advanced experience in security testing tools such as Burpe Suite, Zap, or similar tools. Strong background with application security assessments.


• 4+ years hands on system administration and scripting experience. (SQL , PL/SQL Scripting and Oracle Database Tools)


• Experience in Programming languages like Java, Net, Perl/Shell/AWK scripting is a plus.


• Awareness of Advanced Automation scripting and Automation testing tools.


• Outstanding communication, analytical skills and ability to function in a globally diverse work environment.


• Proficiency in performing risk, business impact, control and vulnerability assessments, and in defining treatment strategies.


• Experience in system technology security testing (vulnerability scanning and penetration testing).


• Experience in application technology security testing (white box, black box and code review).

Technical Requirements

• SAML, Oauth, Cloud authentication/authorization mechanisms, and secrets management


• SDLC Preferred Experiences


• 5+ years' experience in systems and network monitoring technologies and tools


• 4 or more years' experience in designing solutions or applications with programming technologies and tools


• Experience working with Cisco/Juniper network equipment devices is a plus.


• 2 + years of experience with public and hybrid cloud environments.


• Insurance industry knowledge


• SANS GIAC


• CISSP

Beacon Hill is an Equal Opportunity Employer that values the strength diversity brings to the workplace. Individuals with Disabilities and Protected Veterans are encouraged to apply.

Company Profile:

Beacon Hill Technologies, a premier National Information Technology Staffing Group, provides world class technology talent across all industries utilizing a complete suite of staffing services. Beacon Hill Technologies' dedicated team of recruiting and staffing experts consistently delivers quality IT professionals to solve our customers' technical and business needs.

Beacon Hill Technologies covers a broad spectrum of IT positions, including Project Management and Business Analysis, Programming/Development, Database, Infrastructure, Quality Assurance, Production/Support and ERP roles.



Learn more about Beacon Hill Staffing Group and our specialty divisions, Beacon Hill Associates, Beacon Hill Financial, Beacon Hill HR, Beacon Hill Legal, Beacon Hill Life Sciences and Beacon Hill Technologies by visiting www.beaconhillstaffing.com.

We look forward to working with you.

Beacon Hill. Employing the Future