Application Security Engineer

You will be tasked with identifying, evaluating, and mitigating security risks related to application development and deployment, as well as collaborating with various teams to advocate for security in all technical decisions and developments.

• Lead the integration of security practices into all phases of the SDLC, including planning, development, testing, and deployment
• Identify, assess, and prioritize security risks within applications, services, and infrastructure, and collaborate with cross-functional teams to mitigate these risks
• Conduct threat modeling exercises to anticipate potential attack vectors and vulnerabilities, and work with development teams to implement countermeasures
• Perform application security assessments, including code reviews, vulnerability scanning, penetration testing, and static/dynamic analysis
• Advocate for secure coding practices and design patterns, providing guidance to development teams to reduce security vulnerabilities
• Collaborate with the incident response team to investigate, analyze, and remediate security incidents related to applications and services
• Deploy and maintain application security tools such as static code analysis, dynamic testing tools, and dependency analysis
• Educate and mentor developers and engineering teams on secure coding practices and emerging security threats
• Ensure compliance with industry standards, regulations, and best practices (e.g., OWASP, NIST, GDPR) in the context of application security
• Stay current on the latest security trends, vulnerabilities, and technologies, and recommend and implement improvements to existing security processes and policies • Possess a minimum of 5 years of experience in the field of application security engineering
• Must have a strong understanding of SDLC - Software Development Life Cycle
• Experience with HITRUST is required
• Knowledge and experience with Open Web Application Security Project is essential
• Proficiency in Application Security is a must
• Strong background in Python scripting is necessary
• Ability to work independently and as part of a team
• Excellent communication and problem-solving skills
• Demonstrated ability to handle multiple tasks and prioritize work
• Must have a strong ethical standpoint and respect for confidentiality requirements
• Bachelor’s degree in Computer Science, Cybersecurity, or related field is preferred.