Application Security Engineer
Location : Bannockburn, IL
Job Type : Direct
Hours : Full Time
Required Years of Experience : 5+
Required Education : Bachelor's Degree Preferred
Travel : No
Relocation : No
Job Description :
We are currently seeking an Application Security Engineer/Specialist to work in a fast-paced environment with an opportunity for professional growth. The Application Security Engineer will work closely with our Scaled Agile (SAFe) development teams to assess their applications, provide them guidance on secure coding practices, and implement tools and processes to help them gauge how well they're doing. You will also work with our CI/CD teams to integrate security tools into the application build process, and with the rest of the organization to drive information security and compliance. We are trusted by thousands of brands and publishers to securely measure their digital advertisements each day, so this is a crucial role in the company.
- Conduct vulnerability assessments against web applications and APIs utilizing automated tooling and manual approaches.
- Help evolve RevenueWell's application security functions and services.
- Work closely with various engineering teams to establish, implement and promote security standards to properly secure applications.
- Implement and automate static code analysis.
- Perform regular application vulnerability assessments and lead initiatives to resolve any security flaws.
- Automate security log collection and analysis wherever possible.
- Establish and promote secure coding practices and general security awareness across multiple development teams.
- Work on the improvement and integration of existing tools and development of new tools.
- Analyze, escalate and remediate security incidents. Correlate suspicious activity, identify false positives and alert on key security metrics.
- Maintain a minimum of industry best practices commensurate with the organization's risk profile while ensuring compliance with industry standards (e.g., HIPAA/HITRUST).
- Document security procedures and policies.
Required Qualifications :
- Bachelor's Degree in Computer Science, Information Systems or equivalent experience.
- 3-5 years of experience in software development and as an Application Security Engineer.
- Understanding of Software Security Architecture and Design, SDLC and the ability to clearly articulate best practices for application security.
- Knowledge of .NET scripting and automation.
- Knowledge of how to perform manual application source code security reviews for various languages and tools, such as: MS Visual Studio, MS SQL Dev Ed., Java, .Net (C#, VB#), .NET Framework, PHP, Python, NewRelic, PowerShell, TortoiseGit, NodeJS SDK, Git & GitExtensions, TeamCity, WiX Toolset SDK, Octopus Deploy, and SalesForce.
- Knowledge of cloud environments like Azure, AWS and Google.
- Advanced knowledge and understanding of security engineering, system and network security, authentication and security protocols, cryptography, or application security.
- Advanced knowledge of security tools such as intrusion detection systems, vulnerability scanners like Nessus, traffic analysis tools and packet sniffers like Wireshark, and log collection and analysis tools like the ELK stack.
- Knowledge of industry security standards, principles, techniques and technologies (OWASP Top 10, ISO27001, NIST, etc.).
- Understanding of OWASP security concepts and common application security risks, such as XSS, CSRF, SQL Injection, Cookie Manipulation, etc.
- Proven ability to lead large projects that involved multiple development teams.
- SANS or Ethical Hacker certifications are a plus.