Application Security Engineer

Description

Tyler Technologies is seeking an Application Security Engineer to join our growing team with a focus on ensuring that every step of the software development lifecycle (SDLC) follows security best practices.

The Application Security Engineer position involves conducting manual application security assessments against Tyler products and systems, managing vulnerabilities, and collaborating with development groups to triage and remediate them. They will be integral in integrating key security practices into the software development lifecycle. This will include partnering with various security peer teams, IT, Development, and Engineering to integrate or improve the security practices. The Application Security Engineer will functionally support product engineering and software development in securing the company's product portfolio. Application Security Engineers have a direct impact on the security posture of our company, ensuring that Tyler products are effectively protecting client data and systems from threat actors. To be successful in this role, candidates should have experience in complex, fast-paced, technical environments with a passion for technology and process-driven, collaborative problem-solving.

Responsibilities

• Execute project plans and maintain the scope, schedule, and each party's responsibilities.
• Test Tyler products for OWASP Top Ten vulnerabilities using both automated and manual testing.
• Code audits and design reviews.
• Provide expert knowledge and guidance to the application development teams about security vulnerabilities and applicable remediation paths.
• Assist divisions with implementing regular automated and manual testing as a part of their software development life-cycle.
• Work with teammates to learn, regularly share skills, and foster team excellence.
• Participate in security team meetings that facilitate secure design and threat modeling.
• Investigate enterprise security incidents (IR) and provide analysis to senior leadership.
• Facilitate and support projects to increase Tyler's overall security posture.
• Other duties as assigned by manager.

Qualifications

• Bachelor's degree in Cybersecurity, Systems Engineering, Computer Science, Information Systems Management, or similar.
• 5+ years with shown ability working in IT security.
• 3+ years with confirmed ability in Application Security, Cybersecurity, or web application frameworks.
• At least 1 year in software engineering preferred
• Knowledge of programming languages such as Java, C#, Javascript, Python, etc preferred
• Desire to expand knowledge in many development languages, applications, and tools
• Experience with OWASP top 10, SANS top 25, CVE, CVSS, CWE etc
• Sophisticated understanding of attack vectors for both on-prem and cloud environments.
• Self-motivated and capable of leading and completing assignments without supervision.
• Ability to respond to changing priorities and operate effectively in a dynamic environment.
• Ability to weigh business needs against security concerns.
• Strong interpersonal, verbal, and written communication skills.
• Strong organizational skills and ability to handle a wide range of tasks and re-prioritize them on short notice.
• Ability to work both independently and collaboratively within a team or remote work setting.
• Must be passionate about security and continuing education outside of work.

• The ideal candidate will have advanced knowledge of:
• Operating system, network, and application security vulnerabilities
• Manual testing of OWASP Top Ten Vulnerabilities
• Current security certifications
• Using, configuring, installing, and tuning information security applications and appliances.
• Security testing tools and frameworks (BurpSuite Pro, Kali Linux, SAST/DAST scanners, Sqlmap, Metasploit, nExpose, nmap, SOAPUI)
• Developing exploits for discovered vulnerabilities
• Public-sector software products and commercial cloud environments