Job title: Application Security Engineer
Location: South Florida Ideal, open to remote on EST/CST
Salary: $90-120K + Comprehensive Benefits Package
The Application Security Engineer is responsible for implementing and executing world-class security solutions and processes to maintain a secure operating environment. This individual will work with our vendors and our Technology team to design, implement, and configure automated security and monitoring controls. Empowering a strong security conscious DevSecOps culture, the Application Security Engineer will help maintain the security posture of our products and infrastructure by continuous monitoring and generating reports on threats and vulnerability. This will require an understanding of business needs with a focus on risk based implementation of security controls such as WAF, SAST, DAST within CI/CD.
- Define and operationalize security standards, policies, and procedures.
- Automation of vulnerability assessments and other security related SecOps tasks.
- Drive systematic vulnerability scans across all products and report major vulnerabilities to development and follow up on resolutions.
- Identify new security threats by conducting continual monitoring, web application penetration testing, vulnerability assessments and log and event analysis.
- Create and maintain weekly/monthly reports to ensure compliance with PCI DSS and HITRUST.
- Stay current on emerging security threats, vulnerabilities, and recommended controls.
- Serves as the subject matter expert (SME) on Application Security.
- Collaborate closely within the Development team and cross-functional groups within our org
- Bachelors degree in Computer Science, Engineering, or other Technology related field;
- Five (5) years technology or information security related experience;
- Hands on experience of working with various security tools like Veracode, Alert Logic, Rapid7 and various industry standard intrusion detection tools/services like GuardDuty.
- Experience in performing web application penetration testing, application security scans or working with third-party vendors providing these services.
- Strong experience in web application security (e.g., XSS, CSRF, SQL injection, etc).
- Experience with identifying and exploiting the unique security risks of cloud computing platforms including AWS and Azure.
- In-depth understanding of SAST, DAST, IAST methods.
- Excellent written and verbal communication skills targeting a broad range of audiences from engineers to senior leadership.
Skills And Competencies
- Maintains strong problem solving and creative skills, able to act decisively in making solid, informed judgment calls in response to both the technological and critical regulatory environment and the day-to-day business issues;
- Ability to articulate security risks and vulnerabilities.
- Ability to set priorities and balance likelihood and business impact against cost of remediation and competing business interests;
- Possesses effective communication and presentation skills to articulate policies, procedures and plans to senior level management;
- Possess a competency in project management methodology; and
Every team member exhibits our core values:
- Continuous Improvement
Location: South FL/Remote
To apply for this job email your details to Dimitri.Alexander@benjamindouglas.com