Friday, June 17, 2016

Application Security Engineer

Open Position – Application Security Engineer
Location: Dodgeville, WI
Duration: Contract
Salary: OPEN
Start Date: ASAP
Interview Process – Skype (Thursday or Friday)


The Application Security Engineer is responsible for the security, risk management, and incident management of the organization's internal and external applications. The engineer is responsible for application security in the solution design of the organization's software development efforts and will act as a subject matter expert on infrastructure review, design analysis, scan analysis, and the management of all other application security aspects of the project engagement lifecycle.
This technical position requires collaborating with multiple groups across the IT organization, including project, business, architecture, and operational teams, to enable our business goals. Experience as a software engineer is a must. The role calls for strong communication skills that enable you to explain security goals to audiences at a wide variety of technical levels.

Principal Responsibilities:
  • Establish and maintain security application policies, procedures, and processes
  • Partner with application architecture team to investigate and establish approved application development technology guidelines
  • Perform application vulnerability assessments and threat modeling for solution designs and integrations
  • Participate in solution architecture reviews
  • Establish application security requirements for SDLC, patching, enhancements, and fixes
  • Set testing goals for application security
  • Proactively perform penetration testing of all web applications
  • Review and prioritize static code scan results and be able to alleviate risks
  • Manage and monitor the Web Application Firewall (WAF)
  • Validate reported third party vulnerabilities and facilitate remediation efforts
  • Incident investigation of application logging and data forensic analysis
  • Provide data classification for appropriate secure management
  • Proactively identify application security opportunities and develop solutions to address them
  • Manage application standards for code version, web / application server, OS, and other patches or upgrades
  • Assist with daily support of all security infrastructure alerts, notices, and reporting
  • Coach or mentor engineering team members with secure coding standards
  • Participate in a 24/7 on call rotation

General Qualifications:
  • Strong knowledge of software programming languages and platforms (Java, Hybris, and Demandware)
  • Strong knowledge of static and dynamic scanning tools (SonarQube, Rapid7)
  • Experience with quantitative threat analysis techniques (STRIDE, DREAD)
  • Excellent analytical and problem solving skills including root-cause analysis
  • Experience with penetration testing tools and techniques (Burp, ZAP, OWASP)
  • Experience with UNIX and Windows infrastructure and commands
  • Experience with Enterprise Security infrastructure (WAF, DoS, Firewalls, IPS)
  • Strong ability to work independently and complete tasks in a timely fashion
  • Proven teamwork and leadership skills
  • Professional and courteous attitude with attention to customer service
  • Ability to work efficiently on multiple projects
  • Excellent written and verbal communication skills
  • Possess a working knowledge of project management
  • A computer related degree or comparable work experience
  • Professional certifications are a plus

Experience with the following technologies is preferred:
  • Windows, UNIX, Linux, Kali, MVS
  • Juniper, Palo Alto, PingIdentity
  • Palo Alto Panorama, MobileIron, Symantec PKI
  • Burp, ZAP, Kali
  • Splunk
  • Jira
  • HTML, CSS, XML, C++, JavaScript, Java, Perl
  • CyberArk
  • Nexpose, SonarQube
  • DB2, Oracle
Joe Walsh
Technical Recruiter, Mondo
(312) 340-6958
Chicago, IL 60602