Application Security Engineer - Remote

Job Seekers can review the Job Applicant Privacy Policy by clicking HERE.

We seek a highly motivated and experienced Application Security Engineer to join our growing security team. This role is highly technical and candidates must possess a solid understanding of the security and privacy of our company's applications and data.

The Application Security Engineer must understand development, coding, security engineering, and secure systems configurations. This position ensures that every step of the software development lifecycle (SDLC) follows security best practices. This involves conducting security assessments with SAST and DAST tools, reading source code, threat modeling, and designing and implementing secure software development practices. They will determine where security vulnerabilities exist and implement fixes. They must understand how an application may be misused and exploited. The Application Security Engineer will collaborate with software development teams and provide guidance on best practices for secure coding. They will also stay up to date on the latest security trends and technologies and integrate them into the organization's security strategy. The ideal candidate will have strong analytical and problem-solving skills, as well as experience in application security and knowledge of programming languages and web technologies. A Bachelor's degree in Computer Science and certifications such as CISSP, OSCP, or CASE are preferred.

1. Conduct security assessments that require expertise of our organization's applications using both Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) methodologies.
2. Collaborate with software development teams to integrate security into the development life cycle.
3. Conduct security assessments of web, mobile, and other applications. Analyze security assessment results to identify security vulnerabilities and provide guidance on remediation.
4. Design and implement secure software development practices, including threat modeling, secure coding standards, and code review.
5. Stay current with security threats, trends, and technologies, and recommend new security controls as needed.
6. Conduct application security investigations and provide recommendations to mitigate risk.
7. Maintain security documentation, provide subject matter expertise, and collaborate on security policies, procedures, and standards.

• Performs other duties as assigned.

• Bachelor's degree in computer science, information security, or a related field

Five (5) years or more experience with OWASP, SAST, DAST, SCA, RASP and common security tools, required.

Seven (7) years or more application security, security engineering, software development, or a related field, required.

Five (5) years or more strong understanding of web application security and common attack vectors (e.g., SQL injection, XSS, CSRF), required.

Five (5) years or more experience with secure coding practices, threat modeling, and secure software development life cycle (SDLC) methodologies, required.

Five (5) years or more proven experience in diagnosing, isolating, resolving complex issues and recommending / implementing strategies to resolve problems, required.

Five (5) years or more demonstrated experience with systems integration processes, methodology and tools, required.

Seven (7) years or more development and scripting experience, required.

Five (5) years or more professional application security role, required.

Five (5) years or more experience with API and Web Security, required.

Three (3) years or more experience with WAF or similar application security infrastructure, preferred.

Seven (7) years or more experience in integrating security in CI / CD, DevOps, required.

Six (6) years or more experience in process or operation management, required.

Six (6) years or more experience with Value Stream Mapping, Continuous Flow, Pull Replenishment, and other process improvement methodologies, required.

Excellent communication skills, both verbal and written, with the ability to work effectively with cross-functional teams.

Ability to create and maintain professional relationships at all organizational levels.

Ability to work independently and collaboratively.

Self-driven, flexible, and capable of multi-tasking in a fast-paced environment.

Highly organized with excellent time management skills.

Proficiency in at least one scripting language (. PowerShell, bash, etc.), required.

Familiarity with NIST framework, PCI, ISO 27001, SOC, SOX, CCPA, GDPR, and global regulations, required.

Experience with CI / CD tools like Azure DevOps, Terraform, or other automation technologies, required.

Risk management, vulnerability prioritization, threat modeling, and mitigation strategy experience, required.

• CISSP, OSCP, CASE, or other industry certifications, preferred.

1-10%

Applicants from California, Colorado, Hawaii, New Jersey, New York City, and Washington:

Salary ranges from $120,000 to $150,000, based on internal and market considerations. Employees may be eligible for an annual bonus.

Ryder offers comprehensive health and welfare benefits, including medical, prescription, dental, vision, life insurance, disability insurance, paid time off, and a 401(k) plan.

Application Security Engineer • Richmond, VA, United States