Application Security Engineer

Safe-Guard Products International LLC, Atlanta, GA
Hybrid

About The Position

The Application Security Engineer is responsible for assessing information risk and facilitating remediation of identified vulnerabilities in Safe-Guard Products applications and authentication. The engineer reports on findings and recommendations for corrective action, and performs threat modeling, vulnerability assessments, dynamic application security testing, and penetration testing as required. The application security engineer creates and evolves an API security strategy to support the business at scale. The role is responsible for designing a secure framework with a repeatable, flexible process, and the engineer must be able to receive, assess and integrate input from technical and business units to ensure that what is designed meets business and technical needs. The position is responsible for the security of applications supporting business-to-business, third-party relationships, and consumers. The role requires rigor in authentication and authorization, as well as data validation and secure data transmission, all validated with logging and auditable events. The engineer must be comfortable supporting integration with both internally developed and externally supported applications and services. Considered a highly knowledgeable individual, the application security engineer is expected to recommend programmatic controls and to monitor and manage secure development processes that address modern-day issues.

Requirements

  • Established experience with Agile and software development lifecycle (SDLC) practices.
  • Experienced with REST and SOAP development and security controls.
  • Additional experience with JSON, JWT, XML, jQuery and JavaScript.
  • Knowledge of security fundamentals for software-as-a-service (SaaS) application integrations.
  • Skillful in single sign-on (SSO), OAuth 2.0, OpenID Connect and SAML.
  • Proven excellence in communicating business risk from cybersecurity topics.
  • Active involvement with practices emerging from OWASP, NIST and SANS, among others.
  • Proficient in software development (Java, Python, Ruby, Go, etc.).
  • Solid understanding of network and web protocols.
  • Experienced with securing intra-company and third-party APIs.
  • Experienced working with API gateways.
  • Track record of acting with integrity, taking pride in work, seeking to excel, being curious and adaptable, and communicating thoroughly.
  • 7-10 years of Information Technology or Information Security experience with a proven ability to engage with Senior Management and Developers.
  • Experience with cryptography controls and measures to secure applications and data.

Nice To Haves

  • SecDevOps background in public and private clouds.
  • Bachelor’s Degree, Information Systems, Computer Science, Information Security or related field preferred.
  • Knowledge of API tools such as Swagger, Apigee, vREST and API Fortress.
  • Understanding of cloud API resources from Amazon Web Services (AWS), Microsoft Azure or Google Compute Cloud (GCP).
  • Certified Secure Software Lifecycle Professional (CSSLP), GIAC Certified Web Application Defender (GWEB) or related certification strongly preferred.

Responsibilities

  • Develop and apply authentication and authorization security requirements to support secure identity, privilege management, and access control models across applications and APIs; support role- and attribute-based access control.
  • Conduct application security risk analysis, threat modeling, and secure design reviews in partnership with development teams throughout the software development lifecycle.
  • Analyze, triage, and prioritize application security findings from automated testing, endpoint security detections, and third-party assessments, focusing on exploitability, business impact, and remediation feasibility.
  • Document and provide ongoing maintenance of materials to eliminate discrepancies in development and security best practices.
  • Serve as the primary application security liaison for assigned development teams, leading recurring security touchpoints to review findings, remediation progress, and secure design considerations.
  • Over time, contribute to the development of automated security workflows and integrations that embed security validation into development and delivery processes.
  • Be highly engaged in information security projects that evaluate existing security infrastructure and propose changes as defined by security leadership and architects; deliver projects on time, within budget and in accordance with SLAs.
  • Leverage security standards and implementation configurations, as well as common security frameworks.
  • Align with architects and development teams for a mission of secure design and data integrity preservation among users, apps and infrastructure.
  • Share application security knowledge and best practices with peers and development teams to strengthen security awareness and adoption.
  • Support compliance obligations by translating regulatory and policy requirements into actionable application security controls, partnering with security leadership for review and approval.
  • Develop security test plans from architectural designs, identify deficiencies, and make enhancements to ensure production is not impacted.