Application Security Engineer Job in | Yulys

Job Title: Application Security Engineer

Company Name: Inmar Intelligence
Salary: USD 43.00 - USD 62.00
Job Industry: Computer & Network Security
Job Type: Full time
WorkPlace Type: remote
Location: Alaska, United States
Job Description:

The Application Engineer, Cyber Security is responsible for building, managing and supporting information security that underpins all internal and external user technology services, according to security policies and best practices.


The Application Engineer, Cyber Security has strong development experience in numerous programming languages and is the subject matter expert (SME) for concepts behind security controls and how they apply to application development, web presence and API services. This individual is accountable for identifying weaknesses in our security posture within the application or web space while defining methods to achieve security control requirements via automation or highly efficient means that further support timely delivery with minimal overhead. They work across internal and external teams of infrastructure specialists and software engineers making sure services are delivered and used securely as required, offering advice and guidance on security decisions and ensuring the effective use of common tools and patterns.


The incumbent must have a service-oriented mentality, a high sense of ownership of the problems and requests assigned, a focus on managing and resolving issues in alignment with the SLAs, establishing and maintaining communication with technology customers to keep them updated with status of their requests, initiating and performing changes on production systems and proactively escalating any issues that cannot be resolved within the established timeframes.


Additional insights, experience or background in any of the following are also of great value: NIST, ISO27001, Data Protection, Python Development, Static Code Analysis, Dynamic Code Analysis, Penetration Testing, Containers, MicroServices, CI/CD Pipeline, Agile, Git, Jira, Docker, Kubernetes, cloud security (AWS, Azure, GCP) and design, process maturity, and other related focuses.


Primary Accountabilities


Technical (80%)


Be the security representative for multiple product lines and act as the point of contact for software engineering and security.
Perform architecture reviews to steer projects in the right direction, participate in security code reviews, and automate penetration testing against products prior to the move to production.
Support software engineering with implementing security fixes, ensuring security scanners are utilized correctly, and develop strategies to proactively secure their architecture.
Review development frameworks for security functionality, consistency, and uplift opportunities.
Create threat models and leverage them to prioritize time based on risk impact.
Evaluate client needs, coordinate design for a solution, and clearly communicate the value proposition of complex and highly technical subjects.
Implement and/or assess existing security controls.
Translate logical designs into physical designs; produce detailed designs and document all work using required standards, methods and tools, including prototyping tools where appropriate.
Design systems characterized by managed levels of risk, manageable business and technical complexity and meaningful impact; work with well-understood technology and identify appropriate patterns.


Project Management (20%)


Work with application development teams to ensure secure software development lifecycle (S-SDLC) implementation and validation.
Educate and train product teams.
Evaluate client needs, coordinate design for a solution, and clearly communicate the value proposition of complex and highly technical cyber security subjects.


Required Qualifications


Bachelor’s degree in Computer Science, Information Technology or related field
8-10 years of related work experience with application security, e.g. DAST, SAST, SCA, cloud security
Or any equivalent combination of experience and training/certification that provides the required knowledge, skills, and abilities needed to complete the major responsibilities/essential functions of the position
Certifications preferred: OSCP, CISSP, GCIH, GXPN, GPEN
Working experience in web and mobile application security
Working experience in distributed platform development security and design
In-depth knowledge of web and mobile security standards and best practices (OWASP, etc.)
Strong foundation in core information security principles and concepts (HTTPS, TLS, OAuth, etc.)
Working experience with industry tools and technologies such as Burp, Metasploit, etc.
Working knowledge of common languages such as Python, Go, JavaScript, Java, etc.
Familiarity with public cloud security deployment and implementation issues (AWS, Azure, GCP)
Familiarity with audits and standards requirements such as ISO 27001, PCI DSS, SOC 1 & 2, etc.
Proven expertise in enterprise-grade and web scale security solutions


Specific Technical Skills Needed


Security and Risk Assessment


Aware of security governance principles and able to apply them to the enterprise
Understands the legal and regulatory issues relevant to the enterprise and does not place the enterprise at risk.


Security Engineering


Working knowledge of secure design principles
Working knowledge of database security
Working knowledge of cloud computing
Working knowledge of Cryptography


Identity and Access Management


Physical and logical access
LDAP
Multi-factor authentication
Session management
Credential management


Software Development Security


Working knowledge of software development lifecycles
Working knowledge of the software development methodologies used in the enterprise and can explain what they mean
Familiar with DevOps concepts
Working knowledge of security vulnerabilities and understands how the following work: Bounds checking, Input/output validation, Buffer overflow, Privilege escalation
Working knowledge of secure coding practices
Working knowledge of code repositories


Individual Competencies


Integrity: Gains the trust of others by taking responsibility for own actions and telling the truth.
Teamwork: Builds relationships and works cooperatively with others, inside and outside the organization, to accomplish objectives to build and maintain mutually-beneficial partnerships, leverage information and achieve results.
Adaptable: Responds to change with a willingness to learn new ways to accomplish work objectives with a positive attitude.
Innovative: Ability to develop, sponsor, or support the introduction of new and improved methods, products, procedures or technologies.
Curious: A desire to inquire and learn, to seek new knowledge and wisdom, and to listen to the contributions of others with a genuine interest to better self, the team, and the organization.
Analytical and Critical Thinking: Ability to tackle a problem by using a logical, systematic, sequential approach.
Problem Solving: Gathers and analyzes information to generate and evaluate potential solutions to problems, issues and challenges while weighing the accuracy and relevance of the facts, data and information.


The physical demands described here are representative of those that must be met by an associate to successfully perform the major job responsibilities (essential functions) of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the major job responsibilities. This job description is not intended to be an exhaustive list of all duties, responsibilities, or qualifications associated with the job.


While performing the duties of this job, the associate is:


Regularly required to use hands to finger, handle or feel objects, tools or controls, and reach with hands or arms.
Regularly required to talk or hear and read instructions on a computer monitor and/or printed on paper.
Occasionally required to stand, kneel or stoop, and lift and/or move up to ## pounds.
Regularly required to view items at an extremely close range and must be able to adjust and readjust focus.


Occasionally: Job requires this activity up to 33% of the time


Frequently: Job requires this activity between 33% - 66% of the time


Regularly: Job requires this activity more than 66% of the time


Safety


Support a safe work environment by following safety rules and regulations and reporting all safety hazards.


As An Inmar Associate, You


Put clients first and consistently display a positive attitude and behaviors that demonstrate an awareness and willingness to listen and respond to clients in order to meet their short-term and long-term needs, requirements and exceed their expectations.
Treat clients and teammates with courtesy, consideration and tact; you also have the ability to perceive the needs of internal and external clients and communicate effectively with the objective of delighting and retaining the client.
Build collaborative relationships and work cooperatively with others, inside and outside the organization, to accomplish objectives, develop and maintain mutually-beneficial partnerships, leverage information to achieve results.
Set and attain achievable, yet aggressive, goals with a sense of urgency and accountability.
Understand that results are important and focus on turning mission into action to achieve results following the principles of Flawless Execution while consistently complying with quality, service and productivity standards to meet deadlines and exceed expectations by giving our clients the best possible outcome.


Additional Information


The national average hiring range for this job is $90000 - $130000 and the salary can fluctuate based on geographic location and qualifications. Pay is based on several factors which may include, but are not limited to: education, work experience, certifications, labor markets, etc. This role includes an opportunity for company-wide annual discretionary bonus, through our Core Company Performance Bonus.


The actual annualized salary amount offered to any candidate at the time of hire will be reflected solely in the candidate’s offer letter.


In addition to salary, Inmar Associates are eligible for competitive benefits for themselves and their families which include: Medical, Dental, Vision, & Voluntary Basic and Supplemental Life Insurance, 401(k) with company match, Health Spending Accounts, a generous flexible time off plan plus 11 company paid holidays, Tuition & Adoption Reimbursement, Maternity Adoption & Parental Leave.

 
