Sr. Application Security Engineer

at TriNet
Location Remote, United States of America
Date Posted October 7, 2021
Category Default
Job Type Full-time


TriNet is a leading provider of comprehensive human resources solutions for small to midsize businesses (SMBs). We enhance business productivity by enabling our clients to outsource their HR function to one strategic
partner and allowing them to focus on operating and growing their core businesses. Our full-service HR solutions include features such as payroll processing, human capital consulting, employment law compliance
and employee benefits, including health insurance, retirement plans and workers’ compensation insurance.
TriNet has a nationwide presence and an experienced executive team. Our stock is publicly traded on the NYSE under the ticker symbol TNET. If you’re passionate about innovation and making an impact on the large SMB
market, come join us as we power our clients’ business success with extraordinary HR.
The Sr. Application Security Engineer will support Enterprise initiatives by helping to provide expertise on
Application Security, including helping to review current-state applications to identify defects. In addition,
they will help to establish the required application layer security controls, analyze frameworks for improvements and develop implementation plans. They will work with the Sr. Application Engineers on the team
to set policies and rules for application security, review and analyze Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) tooling rules, and optimize requirements.

• Supports Enterprise Security Architect direction and execution with the goal of improving overall application
• Provides training and expertise to various teams on specific relevant topics (for example, OWASP Top 10 2017).
• Understands and assists in Layer 7 Firewall Rules.
• Assists in design and security of the Continuous Integration and Deployment (CICD) pipeline, automation, and
risk tolerance.
• Assists in providing consultation for the design, delivery and quality of secure data application and
infrastructure solutions through risk management, guidance, education, and information security expertise for
business areas
• Supports the enterprise by enabling secure solutions spanning applications, services, and vendor capabilities,
platforms, offerings, and technical architectures
• Documents and raises policy exceptions or compliance deviations for review and risk assessment
• Supports the information system owner in selecting security controls and provides control validation
• Assists in validating vulnerabilities identified by penetration and vulnerability assessments.
• Other projects and responsibilities may be added at the manager’s discretion

• Bachelor’s degree desired; or equivalent education and/or related work experience.
Training Requirements (licenses, programs, or certificates):
• The following certifications are preferred: CCSK, Security+, CEH, CRISC, or OSCP
• OWASP Membership and demonstrated usage
• Minimum 5 Years in application security
• Burp Suite experience and proficiency is required
• Experience with OWASP Foundation frameworks and tools
• OO Languages (Java Preferred)
• Automation tooling (Ansible, Puppet, Jenkins etc.)
• Patch management
• Scripting (Bash/Perl/Python/PHP/JS)
• Usage and understanding of App Layer Frameworks (e.g. ESAPI, Spring Security)
• API Security
• Practical experience in general Cloud Security preferred
Other Knowledge, Skills and Abilities:
• Knowledge and understanding of the following concepts: SDLC, CI/CD, and OWASP topics.
• Excellent verbal and written communication skills
• Ability to communicate with employees at all levels of the organization
• Excellent interpersonal skills
• Excellent presentation and facilitation skills
• A demonstrated commitment to high professional ethical standards and a diverse workplace
• Ability to adapt to a fast-paced, continually changing business and work environment while managing multiple
• Ability to show understanding of UTM/NGFW Rules
• Knowledge of the overall information security policies, program, and risk posture as well as capabilities
including but not limited to access management and encryption
• Possesses the ability to articulate security requirements and tasks that need to take place throughout the Solution
Development Lifecycle
• Possesses the ability to identify deficiencies in security, risk, or compliance and articulate options for compensating
controls to both technical and non-technical audiences
• Ability to research and perform Risk Assessments
• Ability to document application architecture artifacts.
• Strong knowledge and understanding of both state and federal employment laws

WORK ENVIRONMENT/OTHER INFORMATION (Travel required, physical requirements, on-call schedules, etc.)
• Minimal travel required
• Work in clean, pleasant, and comfortable office setting
• The work environment characteristics described here are representative of those an employee encounters
while performing the essential functions of this job. Reasonable accommodations may be made to enable
individuals with disabilities to perform the essential functions.
Please Note: TriNet reserves the right to change or modify job duties and assignments at any time. The above
job description is not all encompassing. Position functions and qualifications may vary depending on business
TriNet is an Equal Opportunity Employer and does not discriminate against applicants based on race, religion,
color, disability, medical condition, legally protected genetic information, national origin, gender, sexual
orientation, marital status, gender identity or expression, sex (including pregnancy, childbirth or related medical
conditions), age, veteran status or other legally protected characteristics. Any applicant with a mental or
physical disability who requires an accommodation during the application process should contact to request such an accommodation
