Come join a team where People make the difference! As a part of Marmon Holdings, Inc., a highly decentralized organization, we rely heavily on people with the aptitude, attitude, and entrepreneurial spirit to drive our success, and we're committed to attracting and retaining top talent.
We are seeking a highly skilled and experienced Senior Application Security Engineer to lead our security efforts with a focus on integrating security practices seamlessly into our development processes. The ideal candidate will have extensive experience in both security and software development, with a deep understanding of secure coding practices, vulnerability assessments, and mitigating techniques.Responsibilities:
1. Lead Security Integration: Drive the implementation of security measures throughout the software development lifecycle, ensuring that security is prioritized at every stage.
2. SecOps Implementation: Collaborate with development and operations teams to integrate security practices into CI/CD pipelines, automating security testing and deployment processes.
3. Vulnerability Management: Conduct regular vulnerability assessments using SAST (Static Application Security Testing) and DAST (Dynamic Application Security Testing) tools, and coordinate remediation efforts with development teams.
4. Secure Code Review: Ensure all software code, including third-party components, undergo regular code reviews and static analysis to identify and remediate security vulnerabilities. Follow secure coding practices.
5. Security Architecture: Design and implement secure architecture patterns for applications and systems, considering factors such as encryption, authentication, and access controls.
6. Threat Modeling: Perform threat modeling exercises to identify potential security risks and develop strategies to mitigate them effectively.
7. Security Awareness: Educate development teams on secure coding practices, OWASP top 10 vulnerabilities, and emerging security threats to foster a security-conscious culture.
8. Incident Response: Develop and maintain incident response plans and lead investigations and post-incident reviews in the event of security breaches or incidents.
9. Compliance and Standards: Stay updated on industry regulations and compliance requirements related to application security, ensuring that our systems adhere to relevant standards.
10. Security Standards Documentation: Documentation of security practice and process during the development lifecycle.
11. Cloud Security: Implement and manage security controls for cloud-based applications and services, ensuring compliance with cloud security best practices.
Skills and Qualifications:
• Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), or other relevant certifications preferred. • Proficiency in programming languages such as Java, PHP, .net, C#, ASP.net, Python, or JavaScript • Professional Certified of Cloud, AWS, Azure. • Experience in (WAF, IAM - Okta, Auth 0, KMS - encryption, OpenSSL, key vault) • Knowledge PEN testing, Burp Suite or Metasploit, Kali Linux, Wireshark network packet analysing. • Aware of regulatory requirements GDPR, HIPAA • Awareness of AI, copilot, codewhisper, vulnerability scanning - How to use AI to do code review, and vulnerability scanning • Bachelor’s degree in computer science, Information Security, or a related field. • 6 - 8 years of experience in application security, software development, or a related field. • Proficiency in security testing tools such as SAST, DAST, and vulnerability scanners. • In-depth knowledge of secure coding practices, cryptographic protocols, and authentication mechanisms. • Familiarity with OWASP top 10 vulnerabilities and best practices for mitigating them. • Experience with DevOps, SecOps practices and tools, including CI/CD pipelines and infrastructure as code. • Strong communication and interpersonal skills, with the ability to collaborate effectively with cross-functional teams. • Knowledge to have database and mobile app security.We are looking for a proactive and passionate individual who is dedicated to staying ahead of emerging security threats and driving a culture of security excellence within our organization. If you are ready to take on the challenge of leading our application security efforts, we want to hear from you.
Following receipt of a conditional offer of employment, candidates will be required to complete additional job-related screening processes as permitted or required by applicable law.