Industrial Electric Mfg Inc
Application Security Engineer Job at Industrial Electric Mfg Inc in Fremont
Industrial Electric Mfg Inc, Fremont, CA, US
IEM (Industrial Electric Mfg.) is the largest independent full-line manufacturer of custom electrical distribution and power quality equipment in North America. IEM is delivering customer-specific solutions to meet the ever-changing power requirements of growth industries across the world. This position offers an exciting opportunity within an innovative, growing company, with a backlog of bookings that go beyond 3 years.

Purpose of Position:
We are seeking a talented Application Security Engineer to join our dynamic team and play a crucial role in safeguarding our software products. The Application Security Engineer will be responsible for identifying and mitigating security vulnerabilities in our software applications throughout their lifecycle. This role involves collaborating closely with development teams to implement secure coding practices, conducting security assessments, and ensuring that our applications adhere to the highest security standards. The Application Security Engineer also performs security assessments, penetration testing, and vulnerability management to identify and remediate security risks.

Key Responsibilities:
Collaborate with development teams to design and implement secure software architectures and coding practices.
Perform regular security assessments, including static and dynamic code analysis and penetration testing, to identify vulnerabilities and recommend remediation strategies.
Work with development teams to integrate secure coding practices and ensure that security is a fundamental aspect of the software development lifecycle.
Promote and integrate security best practices into the software development lifecycle for both internal and external applications.
Provide guidance and support to development teams on secure coding standards and security architecture.
Track, prioritize, and manage vulnerabilities discovered in applications, and work with stakeholders to resolve them promptly.
Collaborate with the incident response team to address security incidents, including analyzing and mitigating any impact on applications.
Analyze incidents to identify root causes and recommend preventive measures.
Evaluate, implement, and manage security tools and technologies that enhance application security.
Utilize and manage security tools for code analysis, vulnerability scanning, and application monitoring.
Stay updated on emerging security technologies and methodologies.
Ensure applications comply with industry standards and regulations such as OWASP Top Ten, PCI-DSS, and GDPR.
Provide training and guidance to development teams on secure coding practices, application security threats, and best practices.
Maintain comprehensive documentation of security assessments, vulnerabilities, remediation efforts, and security policies.
Evaluate the security posture of third-party applications and integrations.
Assess vendor applications, conduct security reviews, and work with vendors to address any identified security issues.
Automate security testing and vulnerability management processes.

Qualifications:
Bachelor's degree in Computer Science, Information Security, or a related field; advanced degree or relevant certifications (e.g., CISSP, CEH, OSCP, GSEC) preferred.
Minimum of 5 years of experience in application security or a related field, with a strong understanding of software development and security principles.
Strong understanding of secure coding practices, common security vulnerabilities (e.g., SQL injection, XSS), and experience with security tools (e.g., static/dynamic analysis tools).
Strong understanding of web application security concepts, including OWASP Top 10, SANS 25, and common vulnerabilities.
Knowledge of programming languages such as Java, C#, Python, PowerBI, or JavaScript.
Strong problem-solving skills with the ability to analyze complex security issues and provide practical solutions.
Excellent communication skills with the ability to convey technical concepts to non-technical stakeholders.
Ability to work collaboratively with cross-functional teams.

Preferred Skills:
Experience with cloud security and securing cloud-based applications.
Knowledge of container security (e.g., Docker, Kubernetes).
Familiarity with DevSecOps practices and tools.
Familiarity with continuous integration and deployment (CI/CD) processes.
Knowledge of Agile development methodologies.