Description:

Business Overview: 

The IT Security Engineer must have the security domain expertise, technical expertise, leadership skills, communication skills, and negotiation skills to work with application project and development teams throughout the entire software development lifecycle to build security into applications produced. The IT Security Engineer will also be expected to coach the IT development team to broaden their knowledge of best in class Dev Sec Ops-enabled security techniques and the latest IT security tools and trends. The role will be responsible for developing executive level readout materials, developing an achievable security improvement roadmap, and presenting results and recommendations at a senior leadership level.  Alternate location of Basking Ridge, NJ is also acceptable in addition to Irving, TX  Responsibilities:  Work with development teams to employ a secure architecture  Provide education and guidance about secure coding practices  Ensure compliance with Policies, Standards, Requirements, and Directives are met  Schedule, scope and prioritize security assessments of applications  Assess applications for vulnerabilities using manual and automated methods, such as threat modeling, code reviews, tool scans and penetration testing  Identify, document, rate, and communicate vulnerabilities in terms of Confidentiality, Integrity and Availability to multiple audiences  Reproduce, demonstrate and retest vulnerabilities  Provide guidance and direction on remediating vulnerabilities  Maintain awareness of security issues amongst the development community, summarize the incidents for internal resources, and determine proactive steps to reduce internal risk  Continually improve the secure development process and environment  Collaborate with Application Security team to develop executive level readout materials  Provide key input and recommendations into an overall security improvement roadmap  Required Qualifications:  Understanding of the Software Development Lifecycle (SDLC)  Understanding of multi-tiered architecture  Passion for application security  Process oriented  Ability to describe vulnerabilities and application security concerns to both technical and non-technical persons  3-5 years of hands-on technical experience developing and testing apps in .NET or Java  7-10 years application security experience  Experience performing architecture reviews and threat modeling  Experience with cloud security: Amazon AWS, Windows Azure  Preferred Qualifications:  Experience with SAST tools such as Fortify, Veracode, Checkmarx  Experience with DAST tools such as IBM AppScan, HP WebInspect, Acunetix, Qualys WAS, Zap, Burp Experience with Open Source Software security tools such as Black Duck and vulnerability remediation guidance  Familiarity with infrastructure scanning tools such as Nessus and vulnerability remediation guidance  Ethical hacking certification, GIAC GWAPT, GSSP, or GWEB certified

Required Skills Required Experience