Application Security Engineer

Job Title: Application Security Engineer

Job Location: Chesterfield MO

Job Type: C2H (Open to Fully Remote) OR Hybrid

Position Overview

This role involves engaging in application security assessments and remediation activities while collaborating closely with application development teams to ensure adherence to the secure software development lifecycle (SSDLC) framework. It requires a thorough understanding of business processes network architecture system relationships and the flow of endtoend designs with an emphasis on application security.

Responsibilities

• Configure tools for static and dynamic application security scanning.
• Interpret the results of security scans and address technology risk considerations within the SSDLC.
• Promote the fundamentals tools and processes of the application security program among delivery teams.
• Coordinate security testing activities including traditional penetration testing and the development of automated security QA testing.
• Participate in threat modeling code reviews and design reviews with a focus on security and privacy.
• Provide consultation and guidance to development teams on best practices throughout the SSDLC.
• Automate and integrate security measures into development processes and CI/CD pipelines.
• Apply corporate security guidelines to the cloud adoption framework.
• Create automated reporting techniques for security monitoring.
• Perform additional duties as assigned.

Requirements

Experience:

• 2 years of experience in information systems security.
• Knowledge of OWASP Top Ten application security assessments and code reviews.
• Familiarity with security testing tools such as Burp Suite or Zed Attack Proxy.
• Working knowledge of SAML OAuth Okta (or similar software) and SSDLC methodology.
• Experience with SOC 2 compliance and interpreting vendor SOC 2 information.
• 1 years of experience with public and hybrid cloud environments.

Preferred:

• 5 years of experience in information systems security.
• Experience with programming languages such as JavaScript Groovy Python Shell or AWK.
• Familiarity with GDPR compliance and NIST 80053 security controls.
• Certifications such as GIAC Web Application Penetration Tester (GWAPT) Offensive Security Certified Professional (OSCP) GIAC Penetration Tester (GPEN) Certified Ethical Hacker (CEH) or GIAC Web Application Defender (GWEB) are advantageous but not mandatory.
• Experience with Microsoft Office Suite (Word Excel PowerPoint SharePoint) is preferred.

PYTHON , OAUTH , AWK , GROOVY , SHAREPOINT , SAML , JAVASCRIPT , CI/CD