Application Security Engineer
Do you want to be a difference maker? This position will make a difference as an active, hands-on technical role responsible for supporting the business by strengthening the security program. This person will work across the organization applying cybersecurity principles and best practices to proactively protect and maintain the confidentiality, integrity and availability of information systems and applications.
Responsibilities include, but are not limited to:
- Drives a Security Development Lifecycle that parallels the Software Development Lifecycle
- Ensures applications are aligned with security requirements and designs
- Proactively supports the Engineering and Product Teams to help them understand security requirements
- Assists and trains Engineering in secure coding as they develop or modify their application code
- Automates and integrates security into CI/CD pipelines
- Completes application risk assessments and audits using tools, technologies and methods
- Performs application vulnerability testing for weaknesses and recommends corrections or remediates them
- Administers security tools such as baseline and attack surface analyzers, health checks, etc.
- Runs internal red team exercises
- Coordinates and manages 3rd party pen-testers and bug bounty programs
Desired Skills/Experience:
- Experience with software design principles and designing secure solutions for web facing applications
- Understanding of secure coding practices for weaknesses such as SQL Injection and Cross-Site Scripting
- Knowledge of OWASP Top 10 in the context of Web Applications developed in .NET or Java
- Understands web application security, threat modeling, application identity management and cryptography
- Experience using SAST, DAST and penetration testing tools
- Knowledge of databases and database security is a plus
- Experience in cloud environments (e.g., MS Azure, AWS, GCP) and cloud-based tools is a plus
- Strong problem-solving skills and a drive to succeed
- Desire to advance and push the boundaries of application security
- CSSLP, CISSP, OSCP, CEH, or other industry InfoSec certification(s) is a plus
- Knowledge of security frameworks and best practices is a plus (ISO 27001, SOC 2, NIST, HIPAA, etc.)
- Knowledge of privacy regulations and best practices is a plus (Privacy Shield, GDPR, etc.)
Robust. Agile. Collaborative. And you should see our software. Bringing the transformative power of the cloud to the compliance and ethics industry, Convercent's award-winning SaaS solution empowers our customers to be more effective and efficient in managing their compliance efforts and mitigating risk. With an inclination towards innovation, Convercent is helping our customers raise the standard--and expectations--for how companies safeguard their financial and reputational health.
Convercent is an equal opportunity employer and all qualified applicants will be considered for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, veteran or disability status.