Principal, Application Security Engineer
Job Description
Act as a subject matter expert for Application Security with a focus on code scanning (SAST).
Collaborate within the SSDLC space for other team functions like DAST, Open Source Security, pen-testing and threat modeling. Evaluate cases where tool output and manual evaluation are not aligned.
Developer awareness and training are a strong focus of the SSDLC team. Organize knowledge sessions and training for dev teams on secure development and testing. Interact with business leads, security champions and application managers to socialize objectives and provide expert advice on SSDLC topics. Participate in and help improve the security champions program.
In addition to technical ability, an awareness of broader risk landscape and the ability to understand and improve SSDLC and related processes is expected. Must have the ability to influence and collaborate with various teams to further security goals and objectives.
We are geographically distributed; capability and willingness to function with people across locations is expected.
Specific knowledge/skills:
Experienced developers, with an interest in security along with working knowledge of code security, are welcome to apply.
A background in security architecture and application security basics like web-app security and the OWASP Top Ten, and familiarity with exploitation patterns and mitigations, are required.
Experience in code scanning using SAST tools like Checkmarx, Veracode etc. is required.
Familiarity with DevSecOps pipelines, new and legacy development methods and practices is required.
Writing skills, with the ability to build useful educational content, and the ability to empathize with developers and application teams are required.
Past experience in DAST, threat modeling, open source scanning and penetration testing is preferred.
Experience in secure development in a cloud environment is preferred.
Experience managing small teams, including analysts and consultants, is preferred.
Background in application development, such as building apps in at least one language in recent history, is preferred.
Familiarity with the vocabulary and practices of technology risk management is preferred.
Experience using ServiceNow is preferred.
Experience in financial or other heavily regulated industry is preferred.
Familiarity with Cybersecurity industry standards such as NIST / ISO is preferred.
Qualifications:
A College or University degree and/or relevant work experience is required.
12+ years of overall experience in software development and information security, including 2+ years in application security.
Date Posted
08/04/2023