Position:- Application Security Engineer
Location:- Alpharetta, GA
Duration:- Long Term/Full Time
[Open for all visa, EAD fine with PPN Only]
- Participate in end-to-end Security Engineering activities of the project, program or engagement.
- Architect and design security controls and policies to be implemented organization/application wide.
- Revise existing security policies and procedures, and propose new ways to improve data protection.
- Perform security auditing of design, configuration, application code, and necessary functionality to ensure verifiable security compliance throughout the System Development Life Cycle (SDLC).
- Capable of evaluating & improving security posture throughout the SDLC.
- Expertise in Secure DevOps implementation.
- Review project work to assess compliance with policy, evaluate architecture usage, and identify needed improvements to the architecture and guidelines.
- Conduct security requirements engineering and protection needs elicitation in order to document customer security concerns and issues.
- Assist security test planning and implementation based on perceived security needs of the system and the security solution provided.
- Knowledge of Manual and Tool based Static/Dynamic Audits and Manual Penetration testing for large enterprise applications.
- Compile reports on security metrics, project status, and compliance.
- Act as Security Liaison to the project and coordinate with internal security engineering, evidence management and security risk / vulnerability analysis roles.
- 8 – 12 years of relevant experience in Application Security Domain.
- Expertise in Secure Architecture, Secure Design and Code reviews.
- Experience with Agile and DevSecOps implementation.
- Knowledge of Manual penetration testing and Tool based Static/Dynamic Audits.
- Web, mobile, API, and MicroServices design patterns and architectures.
- Attack & defensive patterns within those design patterns and architectures.
- Expertise in various Secure Code Analysis tools like HP Fortify SSC and SCA, Checkmarx; Vulnerability scanners like HP WebInspect and Web proxies like Burp Suite, Fiddler.
- OWASP Top Ten, CWE, SANS, etc.
- AWS, Cloud security.
- Regulatory regimes like PCI, GDPR, HIPAA, etc.
- CISSP, OSCP, CEH certified (desirable).
- Engineering graduate preferably in computers.
USA ||Canada ||Hong Kong ||India ||Dubai
USA Direct No +1-516-430-6831| Amiga Board No +1-516-531-9060 Ext. 111