Application Security Engineer

Vertafore · Other US Location

Company

Vertafore

Location

Other US Location

Type

Full Time

Job Description

As a mid-level Application Security Engineer, you will be responsible for evaluating all aspects of the software system design lifecycle. You will be expected to understand the principles of secure software design, be fluent enough in high-level modern programming languages to read code and identify deficiencies in it, be able to communicate to development teams the issues that exist and how to resolve them, be familiar with the Agile planning process and associated tools, be familiar with common CI/CD platforms and software security engines, and have a high-level understanding of operating systems and cloud environments.

Core Requirements and Responsibilities:

Essential job functions include but are not limited to the following:

  • Partner with development teams to configure and perform static, dynamic, and software composition analysis scans using commercial software scanning products such as Fortify, Veracode, Checkmarx, or similar tools.
  • Understand and configure applications in the CI/CD platform for integration with scanning tools.
  • Troubleshoot security scans and work with development teams to configure scans for different OS platforms, including but not limited to Windows and Linux.
  • Review results from automatic code scanning, validating reported false positive results and providing guidance to development teams on how to resolve the true positive results.
  • Participate in Agile planning with development teams to ensure secure coding is baked into the development process rather than bolted on after the fact.
  • Participate in the development of threat models for new products and the maintenance of threat models for ongoing products.
  • Participate in the evaluation of new application security tools (e.g. code scanners and web application firewalls (WAFs)).

Knowledge, Skills and Abilities:

  • Excellent communication skills: able to speak about security concerns with both technical and non-technical audiences.
  • Proficient in reading a wide variety of programming languages, but especially Java, JavaScript, C, C++, and C#.
  • Familiar with PowerShell and the Linux command line.
  • Familiarity with Amazon Web Services equivalent to the knowledge required for the AWS Certified Cloud Practitioner certification.
  • Proficient in Git, GitLab, and at least one commercial software scanning solution.
  • Knowledgeable of the Agile planning process and commercially available tools used to enable the Agile planning process (e.g. Jira, Rally, Confluence).
  • Familiar with ServiceNow.
  • Knowledgeable on Threat Modeling.
  • Knowledgeable on the OWASP Top 10 vulnerabilities (2021 Edition) and how to resolve or mitigate them.
  • Knowledgeable of the NVD, CVEs, and CVSS 3.0 scores.
  • Knowledge of best practices in Incident Response for software applications.
  • Familiarity with APIs, common API vulnerabilities, and how to secure them.
  • Able to work with a minimum of supervision.

Qualifications:

  • Bachelor's degree in Information Security, Computer Science, or equivalent combination of education and working information security experience required.
  • Minimum 5 - 8 years of Information Technology or minimum 3 - 7 years of Information Security.
  • Minimum 3 years of writing or evaluating programming code in at least one of the following languages: Java, JavaScript, C++, C#, or Python.
  • Certifications such as Security+, SSCP, or CISSP preferred but not required.

Additional Requirements and Details:

  • Travel required up to 10% of the time.
  • Located and working from the Hyderabad office.
  • Able to work at least a portion of the day when US offices are open.
  • Occasional lifting and/or moving up to 10 pounds.
  • Frequent repetitive hand and arm movements required to operate a computer.
  • Specific vision abilities required by this job include close vision (working on a computer, etc.).
  • Frequent sitting and/or standing.

Date Posted

06/04/2024
