100% Remote Application Security Engineer

TEKsystems

07/19/2021

Posting ID: JP-001984102

Full Time

Description:

Responsibilities:
• Provide security consultative support for the following:
  o Following up with development teams as it relates to SAST, OSS/OSA, and DAST vulnerability scan result reviews in addition to helping identify false positives/negatives during remediation planning
  o The analysis of application and web server misconfigurations as requested by CIRT team leadership in the process of determining sensitive data leakage
  o Cross-functional team collaboration for determining the appropriate implementation of security controls using a risk-based approach
  o Vendor application security risk assessments during contracting due diligence efforts
  o Conducting risk assessments of security controls as they pertain to enterprise IT assets and related potential business impact
  o Reporting the remediation status of flagged application vulnerabilities via defined processes
• Utilize enterprise CMDB resources for:
  o Discovering stale DNS records (externally facing A and MX records) that map to production Mutual proprietary applications
  o Asset ownership determination for vulnerability remediation
  o Host configuration for risk assessment documentation
  o Conducting periodic reviews of application security controls via vulnerability hunting based upon the current OWASP Top 10 list
• Provide application security governance over:
  o Policies implemented within AST tools in the CI/CD Pipeline
  o Reviewing web application firewall (WAF) logs as they pertain to traffic flow optimization and rule definitions
  o Provide guidance for enterprise secure coding best practices and developer training
  o Continuously learn about the many technologies implemented within the Mutual IT domain and application development stack in addition to understanding how published vulnerabilities may be exploited by malicious users
  o Collaborate with team members on process definitions/improvements for documentation purposes

Essential Skills:
• Knowledge of the OWASP Top 10 vulnerabilities, manual exploitation for proof of concept purposes, and remediation
• Experience using web application scanners and HTTP proxy tools such as Burp Suite, OWASP ZAP, Tenable, etc.
• Ability to determine application risk from analyzing associated security controls
• Basic understanding of SAST, DAST, OSS/OSA
• General knowledge of CI/CD Pipeline architecture and tools
• Experience using application security scanning tools within a CI/CD context
• Experience configuring/monitoring a Web Application Firewall (WAF)
• Basic understanding of scripted/command languages such as PowerShell, Python, Ruby, Bash, etc.
• Basic understanding of compiled languages such as Java, C#, etc.
• Experience using source code repository technologies for version control purposes
• Good understanding of application server technologies such as Windows IIS, IBM WebSphere/WAS, Apache, etc.
• Basic understanding of the Metasploit framework and pen testing tools such as those within the Kali Linux distribution

Preferred Skills:
• SAFe Agile Methodologies within an SDLC
• Experience using application security scanning tools like Checkmarx, WhiteSource, etc.
• Experience automating routine work for increased productivity
• Experience with log analysis for identifying and triaging security events and incidents
• Experience with JavaScript library/runtimes such as Node.js, React, GWT, jQuery, etc.

Skills:

owasp, SAST, DAST, penetration test, application security, waf, RASP

Top Skills Details:

1. Testing and Hardening against OWASP Top 10 vulnerabilities – using tools such as Burp Suite, Zap, Tenable, etc.
2. SAST/DAST (Static Application Security Testing) & (Dynamic Application Security Testing) – Tool experience such as: Checkmarx, WhiteSource, Fortify, etc.
3. Experience with Development languages – JavaScript library/runtimes such as Node.js, React, DTW, jQuery, etc.

*Any experience with RASP (Runtime Application Self-Protection) is a bonus - will receive training and experience implementing this at an enterprise level if candidate does not have previous experience with RASP but has a strong foundation with the Top 3 skills

Additional Skills & Qualifications:

Soft Skill Required:
• The individual demonstrates the ability to delegate/communicate what they're working on in order to facilitate collaboration between teammates and other employees.
• Experience collaborating with development teams to recommend

Experience Level:

Intermediate Level

About TEKsystems:

We're partners in transformation. We help clients activate ideas and solutions to take advantage of a new world of opportunity. We are a team of 80,000 strong, working with over 6,000 clients, including 80% of the Fortune 500, across North America, Europe and Asia. As an industry leader in Full-Stack Technology Services, Talent Services, and real-world application, we work with progressive leaders to drive change. That's the power of true partnership. TEKsystems is an Allegis Group company.

The company is an equal opportunity employer and will consider all applications without regard to race, sex, age, color, religion, national origin, veteran status, disability, sexual orientation, gender identity, genetic information or any characteristic protected by law.

Contact Information

Recruiter: Jean Chambers

Phone: (410) 579-3072

Email: jchambers@careercircle.com
