Senior Application Security Engineer

This role is responsible for security engineering of the cloud (AWS, Azure) environments and vulnerability management of both Infrastructure as Code (IaC) and application development (SAST/DAST). Engineers will spend their time helping development teams identify and track security risks to remediation while embracing concepts of agile delivery and DevOps.

Engineers must have the following:

• 8+ years of Cybersecurity experience
• Familiarity with Web Application Security standards (OWASP, MITRE)
• Experience with application security technologies including SCA/SAST/DAST and the ability to identify false positives and assist with remediation planning
• Previous experience integrating security tools in CI/CD development pipelines
• Excellent verbal and written communications
• Working knowledge of:
  • IEC 62443 or similar product security standards
  • ISO/IEC 27001 concepts
  • Secure development lifecycle practices

Nice to have skills:

• Professional certification (CISSP, CCSP, GWAPT, GWEB, AWS SA / Certified Security, etc.)
• 1-3 years working directly with Cloud Infrastructure as code (CFT, TF) in AWS
• Familiarity with ServiceNow VM and GRC modules
• Development of automation and scripting