Application Security Engineer

Overview

Location:

Irving TX
- Hybrid (min. 3 days’ work from office)

Type:
Contract

Job Description:

In this role as an Application Security Engineer, you will conduct security assessments for products and solutions. You will collaborate with various cross functional teams and help to create, define, and implement security controls and security tooling in conjunction with internal product development and devops teams.

• Evaluate security postures and provide recommendations for improvement and risk reduction for Mobile Platforms (IOS/Android), AI Systems, Internet of Things.
• Support engineering and development teams in implementing, maintaining and troubleshooting application security tooling automation for SAST, DAST, MAST (iOS and Android), OSS, API, etc.
• Implement security modules, tools, and programing code snippets when needed.
• Participate in deep dive architectural discussions of new or existing applications, software, and services.
• Apply cryptographic primitives and protocols for authentication, authorization and data protection.
• Recommend and manage transmission protection requirements for all environments (e.g., systems, applications, containers) such as encryption, SSL certificate management, RSA key pairs, etc.
• Continually evaluate new threats and attacks specific to Mobile Platforms, IoT, and AI Systems to identify the impact on business and help to develop and implement appropriate security controls.

• Bachelor’s degree in Computer Science or related fields
• Eight or more years of relevant work experience.
• Experience with mobile application security testing, mobile code analysis, vulnerabilities evaluation and remediation.
• Experience with performing security assessment for secure deployment of large IoT, mobile and/or AI systems.
• Experience with Secure SDLC including use of obfuscation techniques, Reverse Engineering and Tamper Resistant software development.
• Experience with OWASP Top 10 vulnerabilities and Cryptographic Algorithms: PKI, X.509 Public Key Certificates, authentication protocols, and transport layer security, OID, OAuth, SAML.
• Understanding of various types of Exploits, Threat Modeling, and Attack surfaces

• Development experience in Swift, Java, Scala, Python, C/C++ or other languages and the ability to solve complex operational issues.
• Mobile, IoT or AI application development experience is highly desirable
• Experience with IT Security Frameworks such as NIST, ISO
  27001, PCI, DSS, FedRAMP
• One or more of the following certifications:
  Certified Ethical Hacker, Python Institute Certifications, C++ Institute Certifications, Mobile Application Penetration Tester (eMAPT), ISC2 Certified Information Systems Security Professional (CISSP), or other Security Certification