Application Security Engineer

Job Description

Application Security Engineers need to be aware of emerging industry trends along with standard sources of intel and guidance. Overall , this role serves as a key contributor to our Application Security space by identifying means of quantifying and qualifying our overall application security posture. As a security SME , this role can also be called upon to help investigate root cause in the event of an application security event. Prior exposure and experience in Agile , DevOps , DevSecOps , CI / CD Pipeline , automation and Digital Transformation are highly desirable as they are essential to our growing and evolving development environment. Excellent communications , both written and verbal are essential to the success of the role. As one of our Application Security subject matter experts , this role will advise , consult , design and contribute to ongoing project development efforts , while serving as a train - the - trainer contact for secure coding practices across the dev environment. Outgoing , personable , and positive attitudes are key in driving a true partner - based security / development relationship. Duties and Responsibilities: As an Application Security Engineer , you will be a pivotal in driving secure code efforts including code reviews , project security reviews , penetration testing support and application scanning processes. You will be in the thick of it daily , driving bug remediation , meeting with project teams to identify and secure changes in new functionality and stay on the forefront of bug identification and patching. You will partner with your fellow security engineers to keep Medline secure while helping us grow! Develop and maintain web application security scanning and mitigation / remediation practices. Evaluate output of testing tool / technologies (vulnerability , code review , penetration test) and tracking remediation Develop and maintain security coding standards and best practices for developers , analysts and architects. Perform source code and application architecture reviews in association with security best practices and standards. Develop and maintain application security health scorecards. Research latest coding practices , technologies and other solutions to improve application security Work closely with development teams. Provide training , consulting and mentoring. Manage and administer technologies / tools / software related to application security. Required Skillsets: Required coding languages: JavaScript , Java , .NET Desired Experience / knowledge / expertise with the following: Static and dynamic code scanning tools and methodologies , such as Fortify , WhiteHat , Burp , SonarQube , etc. Project and software development lifecycles (SDLC , DevOps , DevSecOps , Waterfall , Agile , etc.) Web application communications network architecture , authentication & authorization schemes and protocols , Web APIs , secure authentication mechanisms , secure password storage & exchange , Multi - factor authentications , SSO , Open SSL , Containers Web application development frameworks , protocols , content management systems and techniques: SFTP , JBoss , Apache , IIS , .NET , WordPress , etc. General Database knowledge (Oracle , MS Sqlserver) SQL Database Architecture , Schema design Database authentication , authorization methods / protocols OWASP tools and methodologies. Vulnerability scanning tools and methods , such as Nexpose , Nessus , etc. Common application attack methods , and associated preventions / defenses HITRUST / HIPAA Desired Academic & Professional Qualification Bachelor s degree , preferably in Computer Science or Information Technology Desired Security Certifications: GWAPT , GPEN,

Keyskills :
networking enetrationtesting webapplicationdevelopment customerrelations contentmanagementsystems