Application Security Engineer (Remote)

About Us:

Crane NXT is a premier industrial technology company that provides proprietary and trusted technology solutions to secure, detect, and authenticate what matters most to its customers. The company pioneered advanced, proprietary micro-optics technology for securing physical products. It's sophisticated electronic equipment and associated software leverage proprietary core capabilities with detection and sensing technologies.

At Crane NXT, we give people confidence every day in moments that matter.

Together, we are a passionate team of creators and problem solvers, united by our mission to secure, detect, and authenticate what matters most.

Around the world, our customers trust us to anticipate their needs with innovative, reliable, and high-quality solutions and services—just as they have for generations.

It’s how we are creating a more secure world and helping people have confidence every day in moments that matter.

Basic Function:

As an Application Security Engineer, you will be responsible for helping to ensure the products and applications designed and produced in our various business units remain safe and secure. This position provides a critical independent overview of the security for our devices and applications. It is responsible for understanding industry standards, trends and tools, ensuring that Crane NXT business units are using the standard tools and processes to ensure the best security posture of firmware developed for devices and applications related to Crane NXT’s various products and services.

Responsibilities:

• Help the organization evolve its application security functions and services.
• Maintaining and administering code scanning and learning tools.
• Understand and review tool capabilities.
• Ensuring permissions and policies are up to date and reflecting current standards.
• Managing annual training requirements.
• Working with the relevant DevOps teams, to integrate code scanning tools into build pipelines for actively supported products.
• Support of HSM and Appsec API including device keys and certs including Manufacturing key injection security functionality.
• Provide leadership for application vulnerability scanning and penetration testing remediation
• Provide support to the Application Security Manager on all application security activities
• Represent the organization in Application Security programs
• Actively participate in security initiatives with minimum supervision
• Provide guidance to junior-level security engineers
• Follow security best practices in performing tasks.
• Work closely with cross-functional teams (Engineering, DevOps, Product) while carrying out daily tasks.
• Contribute to requirement gathering with product teams.
• Work together with cross Business Unit teams on executing standardized security solutions and integrations.

Qualifications:

• Bachelor's degree in engineering, computer science, security or related field, or equivalent combination of education, training and experience.

• Minimum of 10 years of experience in the following:

  • Security code vulnerability / penetration processes.

  • Software or firmware development in C#, C++ and Java.

  • DevOps Processes and Tools such as Jenkins, Gitlab.

  • Problem Solving

• Good understanding of industry cryptography processes and standards.

• Good knowledge and experience of Infrastructure as code technologies such as terraform.

• Good knowledge and experience of Cloud technologies. AWS, Azure preferred.

• Ability to travel up to 10%

Crane NXT is an Equal Opportunity Employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, age, disability, military status, or national origin or any other characteristic protected under applicable federal, state, or local law.

#NXT #LI-REMOTE