Senior Application Security Engineer
New York, NY | Direct Hire
Salary: Competitive, dependent upon experience
Our client is seeking a passionate Senior Application Security Engineer. In this role, your primary focus will be ensuring, enforcing, and maintaining our high standards of security, specifically with regards to member data.
This role is hands on and technical while requiring a heads-up nature to identify gaps and drive the creative application of state-of-the-art security practices and controls. The ideal candidate will be able to leverage automation and data analysis to embed continuous security practices into our development and operational workflows. The application security program must be designed to ensure that any software developed or acquired meets these stringent standards while enabling rapid innovation to meet the ever-changing needs.
Successful candidates will be security evangelists who can translate security concepts into language that is meaningful to many audiences, including business and technical leaders.
Day to day:
Conduct security architecture reviews on existing and new technologies and offer plans for remediation/design
Function as Subject Matter Expert for understanding of architecture, application design, systems engineering, and integration required
Integrate and develop security tools, standards, and processes into the SDLC and Product Life Cycle
Improve, develop, and support application security tools for the required security review, testing, and deployments including static analysis and runtime testing tools
Build and integrate automated security tests into our continuous integration and deployment pipelines
Conduct manual and automated application security testing and source code auditing for a variety of technologies, including software and hardware
Manage and conduct penetration tests, red team assessments, and related simulated “hostile actor” scenarios
Establish threat modeling practices and ensure integration into the product life cycle
Share security research on latest best practices, threats, trends, and vulnerabilities, and document and disseminate security guidelines for common security issues and baselines
Collaborate with software development teams to embed a security mindset into our products and practices (e.g. code reviews, reference implementations, security tooling and practices)
Guide project teams with encryption standards for Web services, APIs, SSO, Mobile, etc.
Provide security best practices for data systems in cloud-based environments
Work with developers to design optimal security practices when developing new application functionality
Support vendor security activities to ensure third-party and open source software and development meet CLEAR’s security standards
Produce metrics reporting the state of application security programs and performance of development teams against requirements
Mitigate security risks associated with projects which have a high technical complexity and/or involve significant challenges to the business
Communicate technical application security concepts to staff, including developers, architects, and managers
5-8 years of experience in software development
Minimum of 8 years’ experience (in excess of degree requirements). Minimum 2 years of relevant architecture experience with expert-level knowledge of application systems design and integration
Understanding of Software Security Architecture and Design, SDLC and the ability to clearly articulate best practices for application security
Candidates must have excellent verbal and written communication skills, preferably having contributed to technical publications
Experience with a public cloud-based provider (Amazon Web Services, Microsoft Azure, or Google Cloud Compute)
Knowledge of containers and scheduling frameworks (e.g. Kubernetes, Docker Swarm, DCOS, ECS)
Experience integrating security practices into continuous integration tools and pipelines
Well-rounded background in host, network, and application security including knowledge of internet security issues and threat landscape
Demonstrable knowledge of TCP/IP, HTTP, application security, and experience supporting service-oriented, asynchronous, and distributed application architectures
Previous experience on a Security team, coordinating responses to security incidents and/or writing and presenting application security assessment reports.
Personal passion for security and cutting edge security concepts
Able to articulate technical details and risks to business leaders
Ability to listen for nuances and dig into details in order to understand systems deeply.
Familiarity with a variety of development and testing tools, such as: Eclipse, GIT, GCC, JIRA, Subversion, Maven, ClearQuest/Case, Silk, FindBugs, HP/Fortify SCA, IBM AppScan, and HP WebInspect
Candidates must be able to explain all vulnerabilities and weaknesses in the OWASP Top 10, WASC TCv2, and CWE 25 to any audience, and discuss effective defensive techniques
Familiarity with industry standards and regulations including PCI, NIST 800-53, FedRAMP and ISO27001 is desired
Bachelor’s degree or higher in Computer Science preferred
If you feel like you are the right fit for the job above, please click the apply online button below and I will be sure to reach out ASAP!