Application Security Engineer

The Application Security Engineer will work as a member of the Application Security Team located in Enterprise Information Security.

Required Experience:

4+ Years

Job Locations:

Orlando, FL

Location Restrictions:

Onsite

Basic Qualifications and

In this role, the Application Security Engineer will analyze source code of applications written in common programming languages (Java, .NET, PHP, NodeJS, Python, etc.) with a focus on secure coding practices and principles. Work directly with product owners to properly build and document Application Threat Models. Leverage commercial and Open Source tool sets to perform static and dynamic analysis on internally and externally developed applications, and effectively communicate findings to development teams. Perform on-going security testing and code review to improve software security. Assist with engineering designs for new software solutions to help mitigate security vulnerabilities.

Responsibilities
  • Analyze source code of applications written in common programming languages (Java, .NET, PHP, NodeJS, Python, etc.) with a focus on secure coding practices and principles.
  • Work with product owners to build Application Threat Models with the intent to identify, communicate, and understand threats and mitigations.
  • Leverage commercial and open source tool sets to perform static and dynamic analysis on internally and externally developed applications, and effectively communicate findings to development teams.
  • Perform on-going security testing and code review to improve software security.
  • Assist with engineering designs for new software solutions to help mitigate security vulnerabilities.
  • Work in tandem with internal and external developers to establish secure software development life cycle procedures.
  • Establish and participate in secure coding review practices amongst developers.
  • Write reports and deliver presentations that explain the findings of research and software evaluations.
  • Support the maintenance of technical documentation.
  • Assist with developing and providing training in secure coding practices.
  • Develop a familiarity with new tools and best practices and assist with the integration of these tool sets with the enterprise.
  • Stay up to date on application security vulnerabilities and mitigation techniques to provide awareness to the developers and Application Security teams.

Required Skills and Experience
  • Detailed technical knowledge of techniques, standards and state-of-the-art capabilities surrounding authorization, applied cryptography, security vulnerabilities and remediation.
  • Demonstrated understanding of Application Threat Modeling methodologies (e.g., STRIDE, FAIR, and Octave)
  • Software development experience in one of the following core languages: Java, .NET, PHP, JavaScript, Python.
  • Adequate knowledge of web related technologies (web applications, web services, and service-oriented architectures) and of network/web related protocols.
  • Interest in all aspects of security research and development.
  • Able to contribute in a team environment with other team members with varying skills, experience, and locations.
  • Able to communicate technical decisions and recommendations effectively with technical and non-technical audiences through verbal and written communications that lead to actionable and measurable improvements.
  • Excellent analytical and multitasking skills.
  • Basic concepts of common security frameworks (e.g., ISO, NIST, HITRUST).
  • Basic concepts of varying industry data standards (e.g., PCI, HIPAA).
  • Have a strong understanding of OWASP Top 10 and similar frameworks.
  • Experience with Agile (e.g., SCRUM, Kanban) software development models.
  • Be self-motivated and capable of self-learning to maintain a working knowledge of the ever-changing software development landscape as well as security trends in the industry.
  • Proficient with Micro Focus Fortify and WebInspect platforms (or similar enterprise static and dynamic analysis tooling)
  • Proficient with Microsoft Threat Modeling Tool (or similar threat model tooling)
  • Ability to articulate and express both verbal and non-verbal correspondence. 
  • Ability to translate control framework (e.g., HITRUST, PCI) requirements into understandable and actionable tasks.
