Application Security Engineer

Advantage Tech is looking for an Application Security Engineer Developer to work in the Lenexa, KS area.  If you’re looking for a great opportunity to collaborate with a team of entrepreneurs, and be part of a growing company, you’ve come to the right place.

Job Description:

Reporting to the Director of Information Security, the Senior Application Security Engineer will lead the Application Security Program. The position will: a) evaluate applications for appropriate and effective use of security controls using tools and techniques such as source code analysis, vulnerability scanners, and manual testing techniques; b) provide expert guidance to developers on the appropriate selection and implementation of relevant application security controls across the application portfolio; c) advises and consult internal clients/teams on appropriate application of security practices and existing security services to solve problems or enable new business opportunities. 

Provide overall leadership to the application security program. This includes program leadership of a software assurance model such as OPEN SAMM/OWASP SAMM or others, and technical leadership and collaboration efforts with application security team leads and delivery managers throughout to integrate application security into the SDLC.

Evaluates applications for appropriate and effective use of security controls. Conducts application code, web application and other vulnerability scans using SAST, DAST and other security scans/vulnerability tools and techniques. Ensures that new applications or applications undergoing a major change are assessed for vulnerabilities prior to production implementation.

Provides expert guidance on secure coding practices. Provides technical consultation in assisting development and engineering staff in appropriate selection and implementation of relevant application security controls across the application portfolio.

Administers application/vulnerability management security tools. Serves as system administrator for Application Security tools, set including Static Application Security Tools (SAST) and, Dynamic Application Security Tools (DAST), including installation, setup, configuration, administration, conducting scans. Serves as subject matter expert for the Application Security Tools. Coordinates integration of tools into SDLC process including integration in the Integrated Development Environment (IDE) tools, Continuous Integration and Continuous Development (CI/CD) pipeline tools.

Analyzes and reports on vulnerability scan results data for trending, business impact, prioritization. Produces various routine and ad-hoc reports, resulting from analysis of scan result data. Produces metrics, including application/vulnerability security dashboards, and scorecards to meet the needs of staff including executives, internal staff/contractors such as Development/IT/Network and Hosting staff.

Design, develop and deliver presentations focused on raising awareness for application security and defensive programming techniques.

Builds relationships with internal technical customers including Development/IT/Network and Hosting staff to assure collaborative approach to improving and maintaining the security posture of Mediware.

Documents security and vulnerability findings and all work activities efforts following  technical standards, using approved methods. As needed, participates in the development, review, and finalization of documentation, best practices and procedures to improve and maintain the security posture.

Assists in enhancing the security program through evaluation of tools, implementation of automation of security testing and other process improvements.

Participate in the training and/or mentoring programs as assigned or required.

Adhere's to the company's Values and supports a positive company's culture

Responds to the needs and requests of clients and management and staff in a professional and expedient manner.

Other Duties As Assigned  

 

Job Qualifications:

Required Education and/or Experience

  • B.S or M.S in Computer Science, or equivalent education or experience.
  • 3 years of experience in application security testing.
  • 3-5 years of experience with application security or development (.Net, Java, C++, PHP, Node.js, JavaScript, HTML) with focus on secure, Internet-exposed, multi-tier web-based systems.
  • 2 years of experience with HP Fortify, CheckMarx, Veracode; or Syonpsys
  • Experience leading teams, collaborating with others across organization;
  • Applying good risk-based judgment to complex problems.
  • Excellent troubleshooting, listening and problem-solving skills
  • Candidate should have experience making and defending sound technical arguments that incorporate relevant technical and business considerations, and building consensus among stakeholders.
  • Able to work in a fast paced deadline oriented environment
  • Customer focused
  • Works well in a team environment
  • Strong written and oral communication skills.
  • Ability to think analytically and to understand and communicate quantitative information

Advantage Tech is proud to be recognized as Kansas City Business Journal’s #1 locally owned IT staffing firm. We are passionate about delivering world-class service and value to our clients.  Advantage Tech’s customized recruiting model enables us to place consultants locally and nationally. Our clients want the best candidate at the most reasonable rate within a set timeframe; that’s precisely what we provide them.  We go even further.   Our consultant retention program gives our clients the added comfort our people will perform well and finish the project.

Please visit advantagetech.net to learn more about our culture, benefits and career opportunities

#advantagetech

Submit Resume