Description:
Business Overview:
The IT Security Engineer must have the security domain expertise, technical expertise, leadership skills, communication skills, and negotiation skills to work with application project and development teams throughout the entire software development lifecycle to build security into the applications produced. The IT Security Engineer will also be expected to coach the IT development team to broaden their knowledge of best-in-class DevSecOps-enabled security techniques and the latest IT security tools and trends. The role will be responsible for developing executive-level readout materials, developing an achievable security improvement roadmap, and presenting results and recommendations at a senior leadership level.

An alternate location of Basking Ridge, NJ is also acceptable in addition to Irving, TX.

Responsibilities:
- Work with development teams to employ a secure architecture
- Provide education and guidance about secure coding practices
- Ensure compliance with Policies, Standards, Requirements, and Directives
- Schedule, scope and prioritize security assessments of applications
- Assess applications for vulnerabilities using manual and automated methods, such as threat modeling, code reviews, tool scans and penetration testing
- Identify, document, rate, and communicate vulnerabilities in terms of Confidentiality, Integrity and Availability to multiple audiences
- Reproduce, demonstrate and retest vulnerabilities
- Provide guidance and direction on remediating vulnerabilities
- Maintain awareness of security issues amongst the development community, summarize the incidents for internal resources, and determine proactive steps to reduce internal risk
- Continually improve the secure development process and environment
- Collaborate with the Application Security team to develop executive-level readout materials
- Provide key input and recommendations into an overall security improvement roadmap

Required Qualifications:
- Understanding of the Software Development Lifecycle (SDLC)
- Understanding of multi-tiered architecture
- Passion for application security
- Process oriented
- Ability to describe vulnerabilities and application security concerns to both technical and non-technical persons
- 3-5 years of hands-on technical experience developing and testing apps in .NET or Java
- 7-10 years application security experience
- Experience performing architecture reviews and threat modeling
- Experience with cloud security: Amazon AWS, Windows Azure

Preferred Qualifications:
- Experience with SAST tools such as Fortify, Veracode, Checkmarx
- Experience with DAST tools such as IBM AppScan, HP WebInspect, Acunetix, Qualys WAS, Zap, Burp
- Experience with Open Source Software security tools such as Black Duck and vulnerability remediation guidance
- Familiarity with infrastructure scanning tools such as Nessus and vulnerability remediation guidance
- Ethical hacking certification, GIAC GWAPT, GSSP, or GWEB certified