Sr. Application Security Engineer - Work from home

TEKsystems

Raleigh (NC)

Remote

USD 100,000 - 130,000

Full time

Today

Job summary

A leading technology solutions provider in North Carolina is seeking an Application Security Engineer responsible for enhancing security measures and ensuring secure software development. Requirements include a Bachelor’s degree and 8–10 years of application security experience. You will work with teams to conduct security reviews, automate tests, and promote secure coding practices.

Qualifications

  • 8–10 years of experience with application security.
  • Certifications like OSCP, CISSP preferred.
  • Experience with web and mobile application security.

Responsibilities

  • Act as the security representative for multiple product lines.
  • Automate penetration testing against products prior to production.
  • Review development frameworks for security functionality.

Skills

Security governance principles
Secure design principles
Software development security
Applications security
Threat modeling
Analytical thinking
Problem solving

Education

Bachelor’s degree in Computer Science, Information Technology or related field

Tools

Burp
Metasploit

Job description

Overview

The Application Security Engineer role is responsible for identifying weaknesses in the security posture of applications and web services and defining methods to achieve security control requirements via automation or efficient means. Works with a team of infrastructure specialists and engineers to ensure services are delivered securely, supports third parties providing security services, and advises development and technical teams on security decisions using common tools and patterns.

Responsibilities

  • Act as the security representative for multiple product lines and as the point of contact for software engineering and security.
  • Participate in security code reviews and automate penetration testing against products prior to production.
  • Support engineering with implementing security fixes, ensure security scanners are utilized correctly, and develop strategies to proactively secure architecture.
  • Review development frameworks for security functionality, consistency, and uplift opportunities.
  • Create threat models and leverage them to prioritize work based on risk impact.
  • Educate and train product teams.
  • Evaluate client needs, coordinate design for a solution, and clearly communicate the value proposition of complex and highly technical subjects.
  • Implement and/or assess existing security controls.
  • Translate logical designs into physical designs and produce detailed designs while documenting all work using required standards and tools.

Project Management

  • Work with application development teams to ensure secure software development lifecycle (S-SDLC) implementation and validation.
  • Educate and train product teams.
  • Evaluate client needs, coordinate design for a solution, and clearly communicate the value proposition of complex and highly technical cyber security subjects.

Specific Technical Skills Needed

  • Security and Risk Assessment: Aware of security governance principles and able to apply them to the enterprise; understands legal and regulatory issues relevant to the enterprise and does not place the enterprise at risk.
  • Security Engineering: Working knowledge of secure design principles, database security, cloud computing, and cryptography.
  • Identity and Access Management: Physical and logical access, LDAP, multi-factor authentication, session management, credential management.
  • Software Development Security: Working knowledge of software development lifecycles, development methodologies, DevOps concepts, security vulnerabilities (bounds checking, input/output validation, buffer overflow, privilege escalation), secure coding practices, and code repositories.
  • Individual Competencies: Integrity, teamwork, adaptability, innovation, curiosity, analytical and critical thinking, problem solving.
  • Working Skills & Knowledge: Applications security, S-SDLC, SDLC, OWASP Top 10, developer, cloud, information security, code review, threat modeling.
  • Experience: Bachelor’s degree in Computer Science, Information Technology or related field; 8–10 years of related work experience with application security (e.g., DAST, SAST, SCA, cloud security); or an equivalent combination of experience and training; certifications (OSCP, CISSP, GCIH, GXPN, GPEN) preferred; working experience in web and mobile application security; distributed platform development security and design; knowledge of OWASP and related standards; familiarity with HTTPS, TLS, OAuth; experience with Burp, Metasploit, etc.

About TEKsystems

TEKsystems is an Allegis Group company and an equal opportunity employer. We are a partner in transformation, helping clients activate ideas and solutions across North America, Europe and Asia.
