Application Security Engineer in New York, NY at Signature Consultants

Date Posted: 6/10/2019

Job Description

Application Security Engineer Summary:

In this role, the candidate will partner with teams and deliver security risk assessments, manual penetration testing, automated security testing, threat modeling, and education on secure coding. They will deliver security products and consult with DevOps, as part of a high-profile security team, supporting automated security testing as part of the next-generation CI/CD pipelines. The candidate will lead internal and external penetration tests across the most critical assets, as well as triage issues with internal stakeholders for remediation. He/she will create functional and non-functional security requirements, including delivering secure cloud services that strike a balance with product usability.

Qualifications:

  • Minimum of 3 years of experience in software development and implementing security into SDLC processes.
  • Minimum of 8 years' experience (in excess of degree requirements). Minimum 2 years relevant architecture experience with expert level knowledge of application systems design and integration.
  • Comprehensive knowledge, experience, and understanding of testing for the OWASP Top 10, WASC TCv2, and CWE 25, including PoCs, automating attacks, and secure code remediation.
  • Excellent interpersonal communication skills, breaking down vulnerabilities to both developers and leadership.
  • Personal passion for security and cutting edge security concepts.

Required Skills:

  • Strong understanding of Software Security Architecture and Design, SDLC, CI/CD, and the ability to clearly articulate best practices for application security.
  • Experience writing in one or more of the following programming languages: C/C++, Java, Ruby, Python, and JavaScript.
  • Evaluate, deploy, and manage application security tools (e.g. DAST, SAST, IAST, RASP, WAF) and build strong vendor relationships.
  • Experience with or knowledge of one or more cloud providers (Amazon Web Services, Microsoft Azure, or Google Cloud).
  • Previous application security testing or Incident Response (IR) experience, including presenting and documenting vulnerabilities, findings or incidents.
  • Ability to listen for nuances, dig into details in order to understand systems deeply, and articulate technical details and risks to business leaders.
  • Familiarity with one or more industry standards and regulations such as PCI, NIST 800-53, FedRAMP and ISO27001.

Desirable Skills:

  • Strong programming and scripting experience in C#, C++, Java, Python, BASH, Go, or something similar.
  • Participates in CTFs or actively contributes to the security community through exploitation development.
  • Bachelor's degree or higher in Computer Science.

About Signature Consultants, LLC

Headquartered in Fort Lauderdale, Florida, Signature Consultants was established in 1997 with a singular focus: to provide clients and consultants with superior staffing solutions. For the ninth consecutive year, Signature was voted as one of the "Best Staffing Firms to Work For" and is now the 15th largest IT staffing firm in the United States (source: Staffing Industry Analysts). With 27 locations throughout North America, Signature annually deploys thousands of consultants to support, run, and manage their clients' technology needs. Signature offers IT staffing, consulting, managed solutions, and direct placement services. For more information on the company, please visit www.sigconsult.com