Application Security Engineer
World Wide Technology
Posting ID: 5000727902306
Why should you join WWT?
Fueled by creativity and ideation, World Wide Technology strives to accelerate our growth and nurture future innovation. From our world-class culture, to our generous benefits, to developing cutting-edge technology solutions, WWT constantly works towards its mission of creating a profitable growth company that is a great place to work. We encourage our employees to embrace collaboration, get creative and think outside the box when it comes to delivering some of the most advanced technology solutions for our customers.
At a glance, WWT was founded in 1990 in St. Louis, Missouri. We employ over 7,000 individuals and closed nearly $13 Billion in revenue. We have an inclusive culture and believe our core values are the key to company and employee success. WWT is proud to announce that it has been named on the FORTUNE "100 Best Places to Work For®" list for the ninth consecutive year!
Want to work with highly motivated individuals who come together to form high-performing teams? Come join WWT today! We are looking for Application Security Engineers.
Application Services’ Application Security (AppSec) practice is dedicated to improving the consistency of practice and overall maturity of application security throughout our organization by educating and coaching teams and leaders to have a security-centric mindset. It is the AppSec practice’s primary responsibility to help custom software development teams understand a customer’s security posture and threat model and implement controls that are consistent with the threat model, assess security features for correctness, track security metrics, and support the team in following an incident response plan. In addition to supporting software delivery teams directly, AppSec engineers may also engage with other groups throughout World Wide Technology to perform vulnerability assessments and penetration testing, and collaborate with senior security consultants to deliver world-class solutions for customers.
Job Responsibilities/Essential Functions/Competencies
- Audit and support Application Services project delivery teams to ensure they are leveraging best practices and building an appropriate level of security into customer software.
- Assess and test software and systems for potential vulnerabilities and communicate findings to teams and customers.
- Build threat models and control catalogs for software teams; stay current on emerging threats.
- Develop test plans, automation, and processes to validate that application security controls and features are correct and complete; audit controls and identify areas for improvement.
- Select, deploy, and configure tools for security testing of applications and systems.
- Capture and communicate security metrics for environments, systems, and applications.
The following knowledge, skills, and attributes are required:
- Bachelor’s degree in Computer Science, Cybersecurity or a related field, or minimum of 5 years' experience in a related role or field.
- Strong technical background and understanding of systems architecture and infrastructure, information security, and automation tools (e.g., Terraform, Chef, Puppet, Ansible, Maven).
- Strong understanding of Agile SDLC and DevSecOps concepts and practices.
- Familiarity with web application frameworks, API technologies, and microservices.
- Experience in one or more object-oriented programming languages.
- Experience in one or more scripting languages (Bash, Python, PowerShell, etc.).
- Experience applying security standards/guidelines (such as OWASP, CIS, etc.).
- Understanding of Linux and Windows administration.
- Understanding of fundamental TCP/IP and related network services (e.g. DNS, NTP, SNMP, SMTP, etc.) and network security design concepts.
- Experience in 2 or more application security domains (e.g., Secure Coding, Cryptography, Penetration Testing, Vulnerability Assessment, Static and Dynamic Application Security Testing, etc.).
- Ability to solve complex problems and communicate risks and technical concepts to both technical and non-technical audiences.
- Excellent verbal and written communication skills.
- Ability to context-switch between multiple projects, codebases, and concepts with ease.
- Must be able to obtain and maintain a U.S. Security Clearance.
The following knowledge, skills, and attributes are preferred:
- Integration-level knowledge of API Security Architecture and technologies such as OAuth2, Spring Security, HMAC, WS-Security, WS-Trust, or XACML.
- Experience developing secure RESTful APIs.
- Experience with application logging integration and products (Log4J, Logstash, Splunk etc.).
- Experience with cloud security architecture design patterns (AWS, Cloud Foundry, Azure etc.).
- Knowledge of OWASP Web/API vulnerabilities and compensating controls (CSRF, XSS, SQLI, etc.).
- Familiarity with encryption fundamentals: PKI, Encryption, Digital Signatures, & Key Management.
- Knowledge of Risk Controls framework, and Audit procedures (27000/1/2, NIST 800-53/171, DFARS etc.).
- Experience with Security Operational Management, including Change Management, Release Management, Incident Management, and Problem Management.
- Work-life balance and employee well-being are extremely important to us. Employees are expected to work 40 hours per week; however, working conditions are typically flexible.
- Teams normally establish core business hours. There may be rare circumstances when employees are asked to work over 40 hours in a week, but this is not required.
- Some minimal travel (up to 20%) may be required if travel is safe. Typically, this is reserved for team kickoff events, limited consulting engagements at a customer’s site, or critical meetings.
- This is a highly distributed and empowered team, and the successful candidate will be expected to manage much of their own time and workload, delivering high-quality service to our delivery teams, clients, and partners, with minimal supervision.
- This position will not have direct reports but will be primarily advising teams and working within a software development team’s organizational structure.
Diversity, Equity, and Inclusion is more than a commitment at WWT -- it is the foundation of what we do. Through diverse networks and pipelines, we have a clear vision: to create a Great Place to Work for All. We believe inclusion includes U. Be who U are at WWT!
WWT has implemented a vaccine requirement for all of its U.S. workforce. All new hires must be fully vaccinated by December 8, 2021. Appropriate religious and medical accommodations will be made.
Job Number: #21-0860
Posting Locations: St. Louis, Missouri
New York, New York
Maryland Heights, Missouri
Recruiter: Jean Chambers
Phone: (410) 579-3072