About The Position

The Senior Application Security Engineer is responsible for ensuring the security of the organization’s business applications, including business logic testing, code scanning and web application firewall. The individual will work closely with application development and production support teams to coordinate risk assessment, vulnerability analysis and remediation for business. This individual will also need to educate and assist application teams in adopting secure development best practices. The Senior Application Security Engineer will help define and drive the implementation of these capabilities and work to integrate application security processes within the SDLC and CI/CD processes.

Requirements

  • BS degree in Cyber Security/Computer Science/MIS or equivalent, and a minimum of 8 years of relevant industry experience.
  • Experience with agile development methodologies (Scrum, Kanban, sprint iterative).
  • Demonstrated passion for information security and application security.
  • 8 years in application security with hands-on exposure to industry standard platforms like Veracode, Rapid7, WAF, Burp Suite and/or Fortify.
  • Vulnerability management and remediation experience.
  • Experience securing APIs.
  • Active involvement with practices emerging from OWASP, NIST and SANS.
  • Experience validating penetration test findings and recommending remediations.
  • Demonstrated project management skills and ability to track and report progress against established milestones, metrics and deliverables.
  • Excellent written communication skills, demonstrating the ability to write with purpose, clarity, and accuracy to both technical and non-technical audiences.
  • Excellent aptitude for problem solving.
  • Self-starter, team player, personable, enthusiastic, hardworking, and enjoys interfacing with external and internal customers on a day-to-day basis.
  • Exceptional communication, problem-solving, and leadership skills.
  • Advanced analysis, problem-resolution, judgment, and decision-making capabilities.
  • Ability to prioritize and execute complex tasks in a high-pressure environment independently.
  • Strong results orientation, initiative, attention to detail, and customer service focus.
  • Expert time management skills, balancing daily operations, projects, and mentorship.
  • Ability to independently prioritize, re-prioritize, and manage multiple complex tasks.

Nice To Haves

  • Hands-on experience administering a variety of secure code platforms with proven ability to run static and dynamic application security tests (SAST and DAST) and/or implementation/administration of web application firewalls (WAF).
  • Security certification a plus (CISM, CISSP, CEH, OSCP).
  • Demonstrated knowledge and understanding of Application Security trends and emerging technologies (Docker, Kubernetes, etc.).
  • Experience in Java and/or .NET platforms.

Responsibilities

  • Application of secure code practices.
  • Ensuring compliance with secure coding practices.
  • Ensuring products and services are scanned for defects and security issues.
  • Ensuring those defects and security issues are resolved.
  • Coordination with DevOps, Software Engineering and Development teams on remediating defects that are related to security issues.
  • Onboarding of applications into the web application firewall along with configuration and troubleshooting.
  • Training Developers on secure code practices.
  • Ensuring the SDLC includes secure coding methodology.
  • Ensures that the user community understands and adheres to necessary procedures to maintain security.
  • Performs root cause analysis of complex application security issues and provides recommendations to stakeholders on the best course of action to remedy the problem.
  • Performs ongoing application security reviews to ensure compliance with internal security standards and regulatory requirements.
  • Assist in responses to external audits, penetration tests and vulnerability assessments.
  • Participate in on-call system administration support including but not limited to weekends, holidays and after-business hours as required to service the needs of the business.
  • Interview, develop, coach, lead and retain top-tier talent, with a focus on building and improving a team and culture that is able to assist in employing best in class practices to support and drive high levels of internal and external customer satisfaction.
  • Complete all responsibilities as outlined in the annual performance review and/or goal setting.
  • Complete all special projects and other duties as assigned.
  • Must be able to perform duties with or without reasonable accommodation.

Benefits

  • Cotiviti offers team members a competitive benefits package to address a wide range of personal and family needs, including medical, dental, vision, disability, and life insurance coverage, 401(k) savings plans, paid family leave, 9 paid holidays per year, and 17-27 days of Paid Time Off (PTO) per year, depending on specific level and length of service with Cotiviti.