Senior Application Security Engineer

New York, NY 10019 | Direct Hire

Post Date: 11/28/2017 Job ID: 9754 Industry: Technology
Title: Senior Application Security Engineer
Location: NYC

Salary: Competitive, dependent upon experience 


Our client is seeking a passionate Senior Application Security Engineer. In this role, your primary focus will be ensuring, enforcing, and maintaining our high standards of security, specifically with regard to member data.

This role is hands-on and technical while requiring a heads-up nature to identify gaps and drive the creative application of state-of-the-art security practices and controls. The ideal candidate will be able to leverage automation and data analysis to embed continuous security practices into our development and operational workflows. The application security program must be designed to ensure that any software developed or acquired meets these stringent standards while enabling rapid innovation to meet ever-changing needs.

Successful candidates will be security evangelists who can translate security concepts into language that is meaningful to many audiences, including business and technical leaders.

Day to day:

Conduct security architecture reviews on existing and new technologies and offer plans for remediation/design

Function as Subject Matter Expert for understanding of architecture, application design, systems engineering, and integration required

Integrate and develop security tools, standards, and processes into the SDLC and Product Life Cycle

Improve, develop, and support application security tools for the required security review, testing, and deployments including static analysis and runtime testing tools

Build and integrate automated security tests into our continuous integration and deployment pipelines

Conduct manual and automated application security testing and source code auditing for a variety of technologies, including software and hardware

Manage and conduct penetration tests, red team assessments, and related simulated “hostile actor” scenarios

Establish threat modeling practices and ensure integration into the product life cycle

Share security research on latest best practices, threats, trends, and vulnerabilities, and document and disseminate security guidelines for common security issues and baselines

Collaborate with software development teams to embed a security mindset into our products and practices (e.g. code reviews, reference implementations, security tooling and practices)

Guide project teams with encryption standards for Web services, APIs, SSO, Mobile, etc.

Provide security best practices for data systems in cloud-based environments

Work with developers to design optimal security practices when developing new application functionality

Support vendor security activities to ensure third-party and open source software and development meet CLEAR’s security standards

Produce metrics reporting the state of application security programs and performance of development teams against requirements

Mitigate security risks associated with projects which have a high technical complexity and/or involve significant challenges to the business

Communicate technical application security concepts to staff, including developers, architects, and managers



5-8 years of experience in software development

Minimum of 8 years' experience (in excess of degree requirements). Minimum 2 years' relevant architecture experience with expert-level knowledge of application systems design and integration

Understanding of Software Security Architecture and Design, SDLC and the ability to clearly articulate best practices for application security

The ideal candidate has experience writing and testing web applications and web services in the following programming languages: C/C++, Java, and JavaScript.

Candidates must have excellent verbal and written communication skills, preferably having contributed to technical publications

Experience with a public cloud-based provider (Amazon Web Services, Microsoft Azure, or Google Cloud Compute)

Knowledge of containers and scheduling frameworks (e.g. Kubernetes, Docker Swarm, DCOS, ECS)

Experience integrating security practices into continuous integration tools and pipelines

Well-rounded background in host, network, and application security including knowledge of internet security issues and threat landscape

Demonstrable knowledge of TCP/IP, HTTP, application security, and experience supporting service-oriented, asynchronous, and distributed application architectures

Previous experience on a Security team, coordinating responses to security incidents and/or writing and presenting application security assessment reports.

Personal passion for security and cutting-edge security concepts

Able to articulate technical details and risks to business leaders

Ability to listen for nuances and dig into details in order to understand systems deeply.

Familiarity with a variety of development and testing tools, such as: Eclipse, GIT, GCC, JIRA, Subversion, Maven, ClearQuest/Case, Silk, FindBugs, HP/Fortify SCA, IBM AppScan, and HP WebInspect

Candidates must be able to explain all vulnerabilities and weaknesses in the OWASP Top 10, WASC TCv2, and CWE 25 to any audience, and discuss effective defensive techniques

Familiarity with industry standards and regulations including PCI, NIST 800-53, FedRAMP and ISO27001 is desired

Bachelor's degree or higher in Computer Science preferred

Jorge Beltre

Fun Facts: Army Veteran, Roller Coaster Enthusiast, and Thrill Seeker (specifically sky diving)

If you feel like you are the right fit for the job above, please click the apply online button below and I will be sure to reach out ASAP!
