Monday, April 29, 2019

Application Security Engineer

Position:- Application Security Engineer
Location:- Alpharetta, GA
Duration:- Long Term/Full Time
Interview:- Skype, WebEx

[Open for all visa, EAD fine with PPN Only]

Responsibilities:-

  • Participate in end-to-end Security Engineering activities of the project, program or engagement.
  • Architect and design security controls and policies to be implemented organization/application wide.
  • Revise existing security policies and procedures and propose new ways to improve data protection.
  • Perform security auditing of design, configuration, application code, and necessary functionality to ensure verifiable security compliance throughout the System Development Life Cycle (SDLC).
  • Capable of evaluating & improving security posture throughout the SDLC.
  • Expertise in Secure DevOps implementation.
  • Review project work to assess compliance with policy, evaluate architecture usage, and identify needed improvements to the architecture and guidelines.
  • Conduct security requirements engineering, and protection needs elicitation in order to document customer security concerns and issues.
  • Assist security test planning and implementation based on perceived security needs of the system and the security solution provided.
  • Knowledge of manual and tool-based static/dynamic audits and manual penetration testing for large enterprise applications.
  • Compile reports on security metrics, project status, and compliance.
  • Act as Security Liaison to the project and coordinate with internal security engineering, evidence management and security risk / vulnerability analysis roles.

Requirement:
  • 8 – 12 years of relevant experience in Application Security Domain.
  • Expertise in Secure Architecture, Secure Design and Code reviews.
  • Experience with Agile and DevSecOps implementation.
  • Knowledge of manual penetration testing and tool-based static/dynamic audits.
  • Web, mobile, API, and microservices design patterns and architectures.
  • Attack and defensive patterns within those design patterns and architectures.
  • Expertise in secure code analysis tools like HP Fortify SSC and SCA and Checkmarx, vulnerability scanners like HP WebInspect, and web proxies like Burp Suite and Fiddler.
  • OWASP Top Ten, CWE, SANS, etc.
  • AWS, Cloud security.
  • Regulatory regimes like PCI, GDPR, HIPAA, etc.
  • CISSP, OSCP, CEH certified (desirable).
  • Engineering graduate preferably in computers.


Mohd. Suhail
Technical Recruiter
Amiga Informatics
USA || Canada || Hong Kong || India || Dubai
USA Direct No +1-516-430-6831 | Amiga Board No +1-516-531-9060 Ext. 111