AppSec Engineer (FT Remote)

The Application Security Engineer role bridges the gap between the Application Teams and CIS team and ensuring that our applications are properly designed and delivered securely to protect our customers and data.

 

An AppSec Engineer is responsible for working with development teams to confirm compliance to CIS standards and policies. She/he will help delivery applications security standards and solutions and help support development and engineering teams to "Shift Left" and evolve to a more DevSecOps and mature our SSDLC (Secure SDLC).

 

 

 

* Participate in and support application design/security reviews, threat modeling, including code review and security testing (include APIs)
* Own and perform application security vulnerability management
* Support and consult with development and engineering teams in the areas of application security
* Educates development team on security procedure and standards, and ensures they are followed
* Participate in agile activities (daily standups, backlog review, iteration planning etc)
* Contribute to team's backlog by creating stories/defects
* Research and help develop security solutions to help secure applications (Security Testing, API Security, Data Protection, Identity Protection)
* Experience in API Security Platforms like SALT, and NoName a plus
* Partnering with Technology Team to help deliver and standardize security solutions such as (WAF, API Security etc)
* Knowledge of application threat modeling, Remediation of OWASP Top 10, SANS Top 25 a plus
* Create Security guidance/documentation for development/engineering teams
* Help deliver application security training/outreach to development/engineering teams

Indicate the education level, previous experience, specific knowledge, skills and abilities required to meet the minimum entry-level requirements for this position. This may include special skills, licenses, certificates, etc.
* Bachelor's Degree in Computer Science, Engineering, or a directly related field preferred.
* 3-5 years of professional IT experience.
* Experience with OWASP, SAST, DAST, SCA, RASP and common security tools
* 3-5 years experience in threat modeling and secure code review
* 2-3 years development and scripting experience
* 2-3 years experience with API Security
* 2-3 Cloud Experience (AWS)
* Experience with WAF, or similar application security infrastructure a plus
* Gitlab Experience a plus
* Experience in integrating security in CI/CD, DevOps a plus
* Knowledge of Security concepts, like IAM, Encryption, Network Security, Cloud Security
* Able to communicate effectively with non-technical staff and with members of interdisciplinary teams.
* Flexible and adaptable in regards to learning and understanding new technologies.
* Strong understanding of bank systems and processes preferred.
* Strong written, oral, and interpersonal communication skills.
* Highly self motivated and directed.
* Keen attention to detail.
* Proven analytical and problem-solving abilities.
* Ability to effectively prioritize and execute tasks in a high-pressure environment.