Senior Security Application Engineer - Remote

Kforce

Phoenix Arizona

United States

Engineering
(No Timezone Provided)

Kforce's client, a rapidly growing Technology Company in Phoenix, AZ, is seeking a remote Application Security Engineer. We are working directly with the Hiring Manager on this exclusive search assignment. This position is 100% remote. The company offers an excellent compensation package including base salary, annual bonus and a generous amount of shares of Stock/RSUs, etc. The Senior Security Application Engineer makes sure the company's platform is secure by design and guides software delivery teams. The Senior Security Application Engineer will be a key contributor, directing security architecture and design for a talented engineering team that works closely with the business team to deliver value.

Responsibilities of the Senior Security Application Engineer include:

  • Working closely with agile software development teams during the design and development process to guide secure feature design and secure coding practices
  • Developing application threat models for web, mobile, microservices, and public APIs, and mitigation strategies for securing our technologies
  • Teaching scrum teams how to develop and maintain feature level threat models and mitigate the vulnerabilities
  • Conducting static and dynamic code analysis using industry standard tools
  • Performing manual and automated code reviews
  • Developing, and teaching, secure coding standards and practices
  • Participate in pen testing activities and help the teams mitigate vulnerabilities
  • Work closely with development teams to ensure security at each layer of microservices/container development
  • Be the point of contact for helping teams with Threat Models, Risk Ratings, and Security mitigations, with the ability to talk through these conversations as a teacher
  • Be an active participant for the Security Guild as a trainer, advisor, and a leader of the meetings
  • Work with developers and Technical Security to ensure vulnerabilities are identified and remediated within the development pipeline


  • BS degree in Computer Science, Computer Engineering, or other Engineering Discipline is preferred
  • Certifications such as CEH, OSCP, GWAPT, LPT or ECSA are preferred
  • Certifications such as CIISP, CSSLP, and GSSP are desired
  • 5-7+ years of experience directly involving the design of secure application features and design patterns for enterprise class .NET based Web Applications
  • Demonstrated knowledge developing system and application threat models for enterprise applications and designs to mitigate high risk application threats
  • Experience training development teams to develop their own application threat models
  • Knowledge of OWASP Top 10, OWASP API Top 10, and related exploitation techniques, including but not limited to cross-site scripting, SQL injection, session hijacking and insecure direct object references, to obtain controlled access to target systems, and of the mitigating factors for these instances
  • Strong understanding of implementing secure web services and identifying vulnerabilities in REST and legacy web services
  • Experience with commercial dynamic and static application scanning tools (DAST)
  • Significant experience performing code reviews to instill understanding of good design principles in other team members
  • Strong understanding of SOLID software design and implementation principles
  • Strong understanding of 12 factor application architectures
  • C# Development Skills
  • Advanced Cloud development, .NET Core, ASP.NET, MVC 5, and Web API skills

Kforce is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, pregnancy, sexual orientation, gender identity, national origin, age, protected veteran status, or disability status.
