Diverse Lynx
Application Security Engineer
Diverse Lynx, Norfolk, Virginia, United States, 23500
Job Description:
Top Qualifications:
1. SAST, DAST, OSS
2. Secure Coding, OWASP Top 10
3. Tools like Checkmarx, Fortify, Coverity, GitLab, etc.
Job Summary:
The contracted Application Security Engineer will be responsible for designing and implementing security solutions for specific applications and systems. This role demands close collaboration with software developers to ensure applications are secure and compliant with relevant security standards.
Required Skills:
• OWASP-ZAP
• Security Practices - OWASP Top 10
• HCL AppScan
Responsibilities:
• Secure Configuration Management: Employ secure configuration management processes.
• Consistency with Cybersecurity Guidelines: Ensure that acquired or developed system(s) and architecture(s) are consistent with the organization's cybersecurity architecture guidelines.
• Business Function Prioritization: Identify and prioritize critical business functions in collaboration with organizational stakeholders.
• Security Reviews and Risk Management: Perform security reviews, identify gaps in security architecture, and develop a security risk management plan.
• Impact Analysis: Define and document how the implementation of a new system or new interfaces between systems impacts the security posture of the current environment.
• Security Evaluation: Evaluate security architectures and designs to determine the adequacy of security design and architecture.
• Security Control Documentation: Determine the protection needs (i.e., security controls) for the information system(s) and network(s) and document appropriately.
• Define Security Patterns: Create security patterns, providing frameworks or templates for addressing recurring cybersecurity issues.
• Collaboration with Developers and Operations: Work closely with both developers and operations teams to ensure the deployment of secure solutions.
• Stay Updated with Security Trends: Remain current with new security vulnerabilities, threats, and industry developments to ensure that security solutions and protocols are up-to-date.
• Training and Development: Train other team members and developers on current security practices and potential threats.
• Infrastructure Security Design: Collaborate with the infrastructure architect to design a secure environment.
• Okta Integration: Assess and ensure the secure integration and configuration of Okta for identity and access management within the organization's applications.
• Illumio Segmentation: Analyze and define security boundaries using Illumio for network segmentation to protect sensitive data and reduce attack surfaces.
• Code Review: Conduct thorough reviews of application code to identify and remediate security vulnerabilities, ensuring the codebase adheres to best security practices.
• Incorporate Security Patterns: Ensure that established security patterns and protocols are effectively incorporated into the application development process to maintain robust security standards.
• Secure Coding Practices: Implement best practices for secure coding and advise development teams on mitigating security issues in their code.
Skillset Required:
An exceptional Application Security Engineer candidate should possess the following skills:
1. Proficiency in several programming languages (Java, C++, Python, .NET, etc.)
2. Understanding of Secure Software Development Life Cycle (SDLC)
3. Deep knowledge of security architectures, protocols, and standards
4. Skill in risk identification and application threat modeling
5. Experience using security tools for code reviews and application vulnerability scanning
6. Proficiency in encryption methods and standards
7. Ability to design, test, and implement secure applications
8. Broad knowledge of system infrastructure, software, and hardware
9. Relevant certifications like CISSP, CSSLP, or CISM
10. Excellent communication skills to simplify complex security concepts
11. Experience integrating systems with APIs and interacting with SaaS solutions
12. Experience with Cloud services from AWS, Azure, Google
13. Experience with SSO integrations and modern authentication methods
14. Knowledge of data security methods, tokenization, encryption, and secure communications
Diverse Lynx LLC is an Equal Employment Opportunity employer. All qualified applicants will receive due consideration for employment without any discrimination. All applicants will be evaluated solely on the basis of their ability, competence and their proven capability to perform the functions outlined in the corresponding role. We promote and support a diverse workforce across all levels in the company.