Applications Security Engineer (web, network applications)

Dallas, Texas

Salary Details: $160000.00 - 170000.00 a year

Request Technology - Robyn Honquest

NO SPONSORSHIP

Security Engineering (Application Security)

SALARY: $160k - $170k plus 15% bonus

LOCATION: DALLAS, TX

On Site 3 days a week

Looking for an application security engineer covering web applications and network applications. You will also create custom scripts and perform automation while performing security assessments on both legacy on-prem and cloud environments. The candidate will also identify, document and communicate vulnerabilities.

Application Security/Secure SDLC

Build and optimize our security tooling stack, including SAST, DAST, SCA, and IaC.

Implement DevSecOps principles and integrate tools into CI/CD pipelines and developer workflows.

Automate security checks in CI/CD pipelines and developer tools to ensure continuous visibility and successful delivery.

Build out processes for threat modelling and secure design review.

Implement security for the software supply chain, AI/ML applications, open source, etc.

Qualifications:

Experience with CI/CD pipelines and software development/coding: Docker, Jenkins, GitHub, SVN, Terraform, and others.

Strong familiarity with enterprise technologies; strong technical background and understanding of security-related technologies; prefer operational experience as an administrator, engineer, or developer and direct experience testing in commercial cloud environments (AWS, Azure, GCP, IaaS/PaaS/SaaS).

Good applicable knowledge of policy and procedure development, systems analysis, Information Assurance (IA) policy, vulnerability management, and risk management.

Good understanding of regulatory standards including CSF, NIST, PCI, SSAE 16, SAS 70, HIPAA, FIPS 199, COBIT 5 and others as needed.

Strong knowledge of cryptography

Technical Skills:

  • Deep knowledge of common web, API and cloud vulnerabilities (eg OWASP Top 10, CWE, auth flaws etc.).
  • Deep understanding of vulnerabilities, reachability, exploitability and how they affect applications.
  • Familiarity with secure coding principles across multiple languages (eg python, Java, JavaScript etc.).
  • Knowledge of how security fits into platform engineering and cloud native stacks.
  • Deep understanding of application layer attacks and defense mechanisms (XSS, CSRF, SQLi, XXE, SSRF, broken access control etc.).
  • Familiarity with API security (REST & GraphQL), Postman, OWASP Top 10.
  • Proficiency with artifact repositories and implementing security controls around component ingestion.
  • Knowledge of shift-left strategies and embedding controls early in the development life cycle.
  • Familiarity with Kubernetes security, container scanning and cloud infrastructure as code.
  • Ability to triage and prioritize vulnerabilities based on exploitability, impact and business context.
  • Strong proficiency in application security and vulnerability management.
  • Strong experience with custom Scripting (python, C , PowerShell, bash, etc.) and process automation.
  • Some proficiency with common penetration testing tools (Kali, Armitage, Metasploit, Cobalt Strike, Nmap, Qualys, Nessus, Burp Suite, Wireshark etc.).
  • Experience with Mainframe, Windows, Unix, macOS and Cisco platforms and controls.
  • Experience with dedicated document management tools (eg, DMS, PolicyTech) a plus.
  • Familiarity with application frameworks and their built-in security services and APIs (ie, Sun J2EE, MS .NET, OMG CORBA, Spring, etc.).
  • Knowledge of security architecture design and principles including confidentiality, integrity and availability.
  • Knowledge of automated code scanning tools and development pipeline tools.
  • Understanding of security concepts and practices, including those for authentication, authorization, access control and auditing as well as best practices (eg OWASP).
  • Familiarity with application authentication and authorization systems (ie, CA SiteMinder, RSA SecurID/ACE, Active Directory, and LDAP).
  • Fundamental understanding of network and data communications technologies.
  • Knowledge of cloud security concepts, best practices, and environments (AWS, Azure, GCP).
  • Knowledge of Secure DevOps concepts.
Date Posted: 11 June 2025