Application Security Engineer
Alpharetta, Georgia | Direct Hire
Senior Application Security Engineer/Architect
Coordinates the activities of a small team of application security engineers/architects to ensure consistency and thoroughness of testing. Leads the CyberSwat team during advanced incident response.
Looks for better ways to use existing security tools and get the most value out of them.
Responsible for application security across the whole SDLC, from requirements through testing. Agile product owner for "Security"; prioritizes security requirements, security defects, and other security work items for the team. Conducts penetration tests and web application assessments of company-developed applications. Manages and maintains penetration testing tools and validates findings as needed.
Skills: OWASP, SAML, penetration testing, vulnerability management, SDLC, network security, scripting, AJAX, Apache, SOAP, Windows, Linux, WebLogic, WebSphere, XML, Tomcat, SAS, IIS, Oracle, SQL
- Coordinate Red Team activities
- Lead the CyberSwat team
- Act as Agile Product Owner for Security; prioritize security requirements, security defects, and other security work items for the team
- Manage and audit the code review process within the SDLC
- Work with QA to validate security functionality
- Scan release candidates to detect vulnerabilities before release at the end of each sprint
- Maintain an annual schedule of penetration tests against the corporate application portfolio and execute them
- Provide security training to engineering staff (OWASP, secure coding, etc.)
- Strong web application penetration testing experience
- Knowledge of HIPAA, PCI, SOC1/2, HITRUST, and SOX audit requirements
- Knowledge of the software development life cycle in a large enterprise environment
- Knowledge of Agile and DevOps methods and related security controls
- Experience with performing code review
- Programming background (C++/Java, Perl, Python, Shell)
- Understanding of various web application architectures
- Understanding of server and client side application development
- Knowledge of web services technologies such as XML, SOAP, and AJAX
- Technical knowledge of security products, cryptographic suites, and authentication
- Operating Systems: Windows and Linux
- Web Servers: IIS, Apache
- Middleware software: Oracle's WebLogic, IBM's WebSphere, Apache Tomcat
- In-depth knowledge of intercepting proxy tools such as Paros, Burp Suite, WebScarab, and Achilles (fault injection)
- Experience with commercial application scanning tools (e.g., Acunetix)
- Experience with open source web scanners such as Whisker and Nikto
- Experience with network scanning tools such as Nessus and nmap
- CEH, LPT, OSCP, CISSP certifications preferred but not required