

Position Details: Sr. Application Security Engineer-(937597N)

Location: Hillsboro, OR
Openings: 1
Job Number:

Description:

The Sr. Application Security Engineer is part of the Attack Surface Management (ASM) organization and participates in the attack surface reduction of global computing assets. The Engineer is responsible for the maintenance, uptime and availability, and scan performance of Static Code Analysis (SAST), Dynamic Web App Analysis (DAST), Component Lifecycle Management (CLM) and Mobile Application Assessment capabilities. The Engineer shall ensure proper configuration of the platforms, maintain operational processes, troubleshoot scan issues, escalate issues to the vendor, and collaborate with other ASM teammates to ensure proper scan configurations and integrations. The Engineer should have a strong understanding of application security issues, such as those identified in the OWASP Top 10 and common coding defects, and be able to coordinate with developers regarding findings, provide remediation guidance, and complete day-to-day tasks associated with maintaining the platforms.

 

Job Responsibilities 

  1. Maintain the day-to-day operations, configuration and scaling of the SAST, DAST, CLM and Mobile Automated assessments
  2. Assist with the development and maintenance of automations as part of the enterprise DevSecOps model to ensure assessments are being performed regularly and data results are available for consumption by stakeholders
  3. Be a subject matter expert on common web application security findings such as the OWASP Top 10 and provide remediation recommendations
  4. Assist with false positive reports from developers for findings from the static or dynamic assessment platforms and develop false positive reduction strategies and guidance
  5. Support triage and validation of security vulnerabilities detected in production and/or reported via responsible disclosure processes
  6. Maintain and compose operational process documentation regarding program execution
  7. Interface with other CIS organizations such as Governance, Risk, Business Information Security and Threat Intelligence to report on program status and coordinate risk identification

 

What We're Looking For:

 

To make it clear, we're not looking for just anyone. We're looking for someone special, someone who has in-depth experience and clearly demonstrates these skills:

 

  1. Bachelor's degree in Computer Science, Information Technology, Cyber Security, or related discipline or equivalent experience
  2. 5+ years of IT professional experience, with previous information security experience
  3. Direct experience maintaining enterprise-level static and web application assessment platforms such as Microfocus Fortify & WebInspect, Veracode, WhiteHat, AppSpider, etc.
  4. Intermediate to advanced knowledge of secure code development practices and OWASP Top 10 web application security issues
  5. Expertise in interpreted languages (Python, JavaScript) and compiled languages (Java, .NET) with full-stack development experience and strong knowledge of software development lifecycles
  6. Previous experience deploying and maintaining configuration-as-code systems, services, containers and applications in AWS, Azure and/or GCP
  7. Experience with data analytics with the ability to provide qualitative analysis and recommendations
  8. Strong verbal and written communication skills
  9. Strong attention to detail, data accuracy, and data analysis
  10. Self-motivated and operates with a high sense of urgency and a high level of integrity

Previous experience working in large scale environments with diverse technologies

Required

  • .NET
  • DATA ANALYSIS
  • DATA ANALYTICS
  • GCP
  • INFORMATION SECURITY

Additional

  • JAVA
  • JAVASCRIPT
  • MICROFOCUS
  • PYTHON
  • QUALITATIVE ANALYSIS
  • SECURITY
  • SOFTWARE DEVELOPMENT
  • CODING
  • CYBER SECURITY
  • DOCUMENTATION
  • ENGINEER
  • GOVERNANCE
  • MAINTENANCE
  • MARKETING ANALYSIS
  • MICRO FOCUS
  • OPERATIONS
  • PROCESS DOCUMENTATION
  • QUANTITATIVE
  • REMEDIATION
  • STRUCTURED SOFTWARE
  • SUBJECT MATTER EXPERT
