Application Security Engineer (Closed)
SkillStorm is seeking an Application Security Engineer for our client in Addison, TX OR Chicago, IL OR Washington DC OR Denver, CO. Candidates must be able to work on SkillStorm's W2; not a C2C position. EOE, including disability/vets.
Job Description:
- This role is for an individual contributor security engineer on the Enterprise Application Security Engineering team, also known as the Developer Security Platform. The team delivers application security testing solutions to the enterprise developer community for use in their software development methodologies and to the Global Information Security team for independent testing.
- The solutions delivered are primarily commercial vendor software. Engineers are responsible for designing, building, deploying, and managing software for the enterprise. Deployment includes integration with enterprise systems in compliance with policy and standards. Managing the software includes traditional release planning and execution, as well as understanding the business requirements in order to expand and extend product capabilities to meet the needs of the bank by developing add-on enhancements.
- Engineers also partner with Architecture and Research & Innovation teams for new initiatives; with Production Operations for support responses; with Assessors for solution accuracy efforts; and with developers across the enterprise for L3 user support.
- The immediate responsibility of the successful candidate will be to join the team in deploying a new enterprise threat modeling solution. Participation in other projects underway or planned could include the bank’s enterprise security pipeline; implementation of new software SBoM/SCA products; implementing automated IAST capability in QA; and re-designing self-service DAST offerings. Future proof-of-concept evaluations of new products, which could become projects, in partnership with R&I, should also be expected.
Primary skills for success on the team include:
- Software deployment on midrange (Windows Server, RHEL) hosts
- Application infrastructure design and deployment for high availability
- Understanding of application security vulnerabilities and prevention methods
- .NET or Java Web Application development on an enterprise scale
Related Skills / Additional skills and experiences that can be applied in the role include the following:
- Enterprise level deployment and support of SAST and/or IAM products
- Technical leadership in application design, development and/or support
- Application code review practice, functional and quality focus
- Software testing, QA or security leadership
- Scripting ability in Python or similar language
- CISSP, GISSP or other relevant secure coding certification(s)
- iOS or Android Mobile application development for consumer applications
- Technical specification development, both internally and for vendor software
- Threat modeling of complex application architectures
- Business experience in and/or supporting the financial sector
- Security vulnerability assessment techniques during design, development, and testing
- Operation of enterprise policy and standards for technologies and development
- Engagement of key stakeholders, both technical and senior leadership
Preferred Experience Level:
- 5-10 years of experience with public internet web and/or consumer mobile development
- 2 years of experience involved in testing, QA or security related activities (can be concurrent)
- Bachelor’s Degree in Computer Science, Engineering or equivalent experience
- We are a team of great application security engineers who work as a team to architect, design, build and deliver secure security solutions at scale. If this sounds like you then please, let’s talk.