Application Security Engineer

Location: Pasadena, CA
Date Posted: 25-08-2017
Job Description:
The information security program leverages industry accepted guidelines of the International Standards Organization (ISO/IEC) 27001/27002 as well as the National Institute of Standards and Technology (NIST) Cybersecurity Framework.

RESPONSIBILITIES/DUTIES:
As the owner of the application security program you will be responsible for:
 
·    Improving and maintaining secure development standards and managing application security framework improvement projects
·    Integrating security tools, standards and processes into the Software Development Life Cycle (SDLC)
·    Producing metrics reporting the state of application security programs and performance of development teams against requirements
·    Ensuring that developers and QA personnel are trained with the appropriate level of security knowledge to perform their daily activities
·    Improving and supporting application security tool deployments including static analysis and runtime testing tools
·    Performing manual security testing of applications and databases and standards gap analysis services to internal business and technology partners
·    Providing security requirements for test-driven design
·    Supporting Vendor Security activities to ensure 3rd-party software and development meets Western Asset security standards
·    Holding 3rd parties accountable for code quality
·    Supporting the incident response and architecture review processes whenever application security expertise is needed
·    Managing budgets and planning multi-year roadmaps
·    Ability to positively influence the behavior of peers and build relationships with other teams
·    Self-starter, ability to work independently with minimal supervision and as part of a team

COMPETENCIES:
Required skills for this position:
 
·    Bachelor's Degree (or equivalent work experience) required
·    An in-depth understanding of OWASP Top 10 is required
·    Minimum 6 years of experience in information security related positions
·    Minimum 6 years of application security work experience - familiar with common coding languages: JAVA, .Net, etc.
·    Strong understanding of application frameworks and technologies including Software Development Life Cycle methodologies
·    Familiarity with agile development processes and have experience integrating secure development practices
·    Experience in describing application security coding concepts to personnel of both technical and non-technical backgrounds
 
Preferred/Desirable skills:
·    Information security certifications: GSSP-.NET, GSSP-Java, CISSP, OSCP, etc. are preferred
·    Familiarity with a variety of development, testing, and vulnerability scanning tools, including but not limited to: Eclipse, GIT, GCC, JIRA, Subversion, Maven, Jenkins, VeraCode, ClearQuest/Case, Silk, FindBugs, HP/Fortify SCA, IBM AppScan, and HP WebInspect, etc.
·    Strong ability to explain vulnerabilities and weaknesses in OWASP Top 10, WASC TCv2, and CWE 25 to any audience, and discuss effective defensive techniques
·    Experience with Web, Java, .NET, and Python development
·    Experience promoting Continuous Delivery and a DevSecOps pipeline
·    Experience with Docker and Containerization
·    Strong scripting skills are highly desirable
·    Familiarity with industry standards and regulations including FFIEC, SOX, and ISO27001 is desired

Education:
Bachelor's Degree (or equivalent work experience) required
