Security Application Engineer- GC and USC

Security Application Engineer

The security team is seeking an enthusiastic Security Application tester who will test applications for security compliance. The successful candidate will have experience with Enterprise Applications and Information Security.

The scope of applications to be tested are software that are used to run the business, not software which is sold or provided to end customers. The type of applications range from web services to line of business applications to mobile or cloud applications.

Candidates will be responsible for ensuring all applications meet enterprise minimum security specifications and escalating for potential deviations when they do not. Being able to communicate clearly, establish partnerships with team members and stakeholders, as well as potentially offload portions of the work to staff augmentation resources, will be required.

Essential Functions:

• Perform security, compliance, and risk assessments on projects throughout the project lifecycle using sdlc, waterfall, or rup methodologies
• Support information security review of new technologies, designs, and remediation planning efforts
• Investigate and identify security needs and recommend plans/resolutions. Implement, test, and monitor info security improvements.
• Maintain visibility inside and outside of info security, interfacing with groups such as billing ops, application support, engineering ops, finance, legal, privacy, risk management, etc.
• Support info security policy lifecycle throughout, including intake, creation, review, approval, implementation, publishing, communication, and maintenance
• Support security projects driven by groups both internal and external to info security
• Experience with static and dynamic vulnerability identification using industry leading scanning tools and manual code reviews
• Experience with the Top 10 OWASP (Open Web Application Security Project) vulnerabilities (most critical web vulnerabilities) and how to identify and remediate them
• Solid understanding of Information Security in general and the specific behaviors that would secure information assets
• Ability to translate Information Security policies and procedures into language that a business and/or technical person can understand; and ability to effectively communicate with both non-technical and technical people
• Strong problem-solving with the ability to methodically and objectively analyze and resolve Information Security challenges
• Ability to work well inside and outside the team. Exchanging ideas, knowledge, experience, and thoughts can boost the quality and the efficiency of the solution.
• Great stakeholder management skills and experience due to the escalation process

Requirements:

• Must have IBM App Scan, Fortify, BURP Suite, Kali Linux, SOAP UI, Application Test, Penetration Test expertise
• Need GC and USC

We are an equal opportunities employer and welcome applications from all qualified candidates.