Our fast-growing client has an immediate need for an Application Security Engineer to join their Information Security team. This position is based in their Dresher, PA office, but occasional travel to their New York City office is required. This is a permanent, full-time position.
- Ensure that any software developed by the Development team meets overall security standards and protects information.
- Lead all Application Security activities and be the driving force behind building out activities such as threat modelling, security automation in a continuous integration pipeline, code reviews, security standards, and creating a Security Champions network.
- Work with many functional teams to build out a DevSecOps pipeline and ensure that applications are secure.
- Support Development in carrying out application security reviews.
- Provide expert advice and consultancy to Development, Testing and DevOps teams on risk assessment, threat modelling and fixing vulnerabilities
- Create security policies, standards, and procedures.
- Evaluate new and emerging security products and technologies.
- Run vulnerability scans and penetration tests through to mitigation.
- The ideal candidate will come from a software development background and be interested in helping the development teams to consider possible security issues while writing the software.
- Experience providing developer security training.
- Have the ability to fix code and work directly with developers.
- Have a deep understanding and hands-on experience of secure software development practices, including threat modelling, secure design principles, secure coding, code analysis, security testing, and Application Security automation.
Cloud: Azure knowledge is a massive plus, but AWS and Google Cloud are beneficial.
Preferred Certifications: OSCP, GPEN, CCSP, CSSLP, GWEB, GSSP, GSEC, CRISC, Azure/AWS Cloud Solution Architect