Cybersecurity Engineer, Application Security

at ConsultNet
Location Flower Mound, TX
Date Posted November 2, 2021
Category Default
Job Type Full-time

Description

Job Title: Cybersecurity Engineer, Application Security
Location: Dallas, TX, Chicago, IL or Salt Lake City, UT
Status: Full-time

Our client is a lead in SaaS for Healthcare Provider industry. They are looking for a Cybersecurity Engineer Application Security to serve as the technical lead for the application security program and will be the application security subject matter expert for Cybersecurity, IT, and Line of Business colleagues. This role analyzes the security of applications in tandem with their underlying services, including connected dependencies such as middle-tier systems and databases. Additionally, the application security engineer addresses legacy and emerging security issues and implements repeatable secure development practices to reduce the introduction of program design flaws that may lead to exploitation. As issues are uncovered, the application security engineer communicates with the appropriate technical and leadership teams to ensure a focus on risk mitigation allowing for business continuity, but without negligent risk.

The successful candidate must be well-versed in application security and security operations. This role is responsible for validating that application services are designed and implemented with high security standards. This position will also be a member of the overall Cybersecurity Operations Team, and will participate in providing security operations technical analysis, assessment, and recommendations in the areas of real-time security situational awareness, operational security systems and applications systems security monitoring.

As a member of the team, the Cybersecurity Engineer Application Security requires a strong positive ability to execute the application security strategy directed by senior management. In addition to technical skills, the Cybersecurity Engineer Application Security is process-oriented and demonstrates effective problem-solving and communication skills. Considered a highly knowledgeable individual, the application security engineer is expected to recommend programmatic controls and monitor and manage secure development practices to address modern day issues.

Required Qualifications:

  • 2+ years' experience in cybersecurity, to include application risk management, system development and security background.
  • Understanding of Application Security programs and processes.
  • Knowledge of Security Operations, Incident Response, and Threat and Vulnerability Management, tools, processes, and standards.
  • Experience with static and dynamic application security testing (SAST/DAST) process
  • Strong drive and passion to for Cybersecurity Operations and Application Security; a quick learner with a strong attention to detail and quality.
  • Scripting language experience (PowerShell, Python, etc)
  • Excellent interpersonal and communication skills.

Desired Qualifications:

  • Experience with database security assessments
  • Cloud Workload Security Management
  • Certification (or ability to obtain certification) in at least one of the following areas: General Security (CISSP, GSEC), Cloud Security (GCLD, Cloud+, CCSK), and Ethical Hacking/Penetration Testing (OSCP, CEH, GPEN)
  • Experience with advanced cyber security tools, network topologies, intrusion detection, and secured networks
  • Understanding of NIST SP 800-61,SOC 2 AICPA controls and frameworks.

Responsibilities:

  • Be a dedicated engineer for the application security program and help the organization evolve its application security functions and services.
  • Client security exposures and develop mitigation plans, and report on and work as part of the Cybersecurity Operations Team to fix technical debt.
  • Work with Cybersecurity, IT, and Development teams on executing standardized application security solutions.
  • Collaborate and consult with the Development and Product teams on application security.
  • Perform application security vulnerability management, application security reviews and threat modeling.
  • Provide subject matter expertise for application vulnerability scanning and penetration testing, managing integration with vulnerability scanning tools such as Static Code Analysis and Dynamic Code Analysis tools
  • Participate in the design, build, and documentation of application security technology standards, processes, and operational workflows.
  • Maintain metrics & reports on the status of the R1 application security operations program.
  • Attend and participate in application projects and the change management process. This includes interacting with business units and technical teams to understand what is coming and how their projects can be more secure from the beginning.
  • Align with the Cybersecurity Architects and Application Development teams for a mission of secure design.
  • Regularly monitor the application security community for public-facing security issues, as well as to learn new tactics that can be used in testing.
  • As part of the overall Cybersecurity Operations Team, work in tandem with the security operations center (SOC), incident responders (when anomalous activity and host compromise occurs), and technology infrastructure and development team members.
  • Participate in established incident response procedures to ensure proper escalation,analysisand resolution of security events and incidents.
  • Utilize incident response use-case workflows to follow established and repeatable processes for triaging and escalation.
  • Analyze and correlate incident event data to develop preliminary root cause and corresponding remediation strategy.
  • Perform case management throughout the event and incident investigation lifecycle for complex security incidents.
  • Provide guidance to junior-level security engineers.

Be a part of the ConsultNet difference. As a leading national provider of IT staffing and solutions, ConsultNet delivers exceptional services to startup, midmarket and Fortune 1000 companies across North America. Since 1996, we've partnered with clients to create rewarding opportunities for our consultants, successfully building teams that have surefire results.

In the past two years alone, we have placed more than 1,500 consultants in contract, contract-to-hire, or direct placement opportunities. We understand communication is key to finding the right job that matches your skills and career goals. For us, it's not just the work that we do; it's how we do the work. Our breadth of offerings extends to multiple IT positions in major markets throughout the country, see more at - www.consultnet.com