Work with product development, management, engineering and operational teams to develop best-of-breed security architectures supporting compliance (e.g. NYC Privacy Law, NYC Citywide Security Policies, HIPAA, SHIELD Act), customer requirements and operational SLAs
Provide practical guidance to engineering teams to support the implementation of security controls, guidelines, recommendations and best practices
Develop and implement Secure Development Lifecycle (SDL) processes and automated DevOps tooling, integrated into CI/CD pipelines
Assist engineering teams in performing threat modeling, identifying application threats and vulnerabilities, and recommending mitigation strategies
Assist teams in identifying mitigation approaches for vulnerability findings and static/dynamic scan results
Identify technical solutions and security tools to help mitigate security vulnerabilities and automate repeatable tasks
Experience:
Strong understanding of application security and industry standards and best practices (OWASP / SANS / NIST)
Strong understanding of SDLC and Secure Development Lifecycle (SDL) including performing threat modeling and risk assessments
Strong understanding of integrating security into the CI/CD pipeline, DevOps and DevSecOps
Experience designing and implementing API Security and Access Controls (OAuth/SAML, Web SSO, AWS IAM, Federation)
Must be a self-starter and able to work well with others in a fast-paced agile environment with an emphasis on collaborating and assisting the team to meet business objectives
Qualifications:
3+ years of experience with tools such as SD Elements, Veracode, Tenable, Rapid7 or equivalent products
Experience integrating issue tracking with ServiceNow is a plus
10 years of Information Technology experience
5 years of Application Development Experience
7+ years of security engineering experience
Bachelor’s degree in information security/systems, or equivalent related experience