Bridgeview IT
Application Security Engineer
Bridgeview IT, Denver, Colorado, United States, 80285
TITLE:
Application Security EngineerLOCATION:
Denver, CO (hybrid)BENEFITS & PERKS:
Medical, Dental & Vision, 401(k)OVERVIEWThe Application Security Engineer plays a crucial role within the cybersecurity team, overseeing the management and fortification of web-based applications both on-premises and in the cloud. In this capacity, this role is tasked with crafting resilient web application firewall (WAF), Bot Mitigation/Defense, and DDoS mitigation configurations, ensuring robust defense against threats and vulnerabilities while preserving seamless business operations and customer experiences.HOW YOU WILL MAKE AN IMPACTServe as the primary authority and subject matter expert on Web Application Firewall (WAF), Bot Mitigation (BotM), and DDoS Mitigation platforms.Assess and devise cybersecurity architectures and designs that strike a balance between implementing robust security controls and fulfilling the functional requirements of the business.Define and cultivate security requirements through meticulous risk assessments, comprehensive threat modeling, rigorous testing, and insightful analysis of existing systems.Lead web application security functions, spearheading strategic initiatives to proactively tackle external, internal, and emerging application security risks across the organization.Set up new sites and applications for WAF/BotM safeguarding, conducting thorough traffic analysis to eliminate false positives and optimize protection efficacy.Collaborate closely with engineering and architecture teams to assess the security readiness of both new and existing applications introduced into the environment.Devise, test, and implement solutions and configurations with rule sets specifically crafted to safeguard against vulnerabilities and threats targeting both web-based and mobile applications.Lead compliance hardening governance across cloud and application landscapes, conducting meticulous checks on device configurations to ensure version compliance, and identifying and promptly mitigating weaknesses.Analyze reports stemming from vulnerability scans, penetration tests, web testing, to pinpoint areas of exposure and enhance application security posture in collaboration with application developers.Develop, oversee, and ensure compliance with the Secure Software Development Lifecycle (sSDLC) processes, aligning with industry best practices.Collaborate closely with cybersecurity and development teams to manage a comprehensive sSDLC process, integrating security testing functions (SAST, DAST, IAST, pen test) while balancing security and usability concerns.Develop and implement application security strategy throughout the CI/CD lifecycle.Document and maintain policies, standard operating procedures, and OWASP best practices for application and host integrity.Create and implement WAF/BotM rules and signatures to mitigate threats and adhere to best practices.Liaise with cybersecurity, threat intelligence, IT, software development, and third-party teams to address organizational cybersecurity architecture and system security engineering requirements throughout their lifecycles.REQUIRED EXPERIENCEBachelor’s degree required in: Business, Finance, Computer Science, Engineering, IT, or related field.7 + years of enterprise security or application security experience.7+ years of deploying, configuring, and managing Web Application Firewall (WAF) platforms.5+ years of deploying, configuring, and managing Bot Mitigation (BotM) platforms.5+ years of deploying, configuring, and managing DDoS Mitigation platforms.2 + years of hands-on experience in a cloud-native environment, such as Azure, AWS, or GCPHold an active cybersecurity certification, such as a CSSLP, CISSP, CISA, CCP, CSSLP, GCSA MCP, MCSE, SANS, or Microsoft AZ (highly desired, or equivalent experience is acceptable).Hold an active cybersecurity certification, such as: CSSLP, SANS, CISSP, CCNA, CISA, CCP, GCSA, MCP, MCSE, SANS, or Microsoft AZ (required, or willing to attain within 3 months of start date).Familiarity with tools like Fastly, Akamai, Radware, F5, or HumanSecurity preferred.Experience installing, configuring, and supporting Web Application Firewalls (WAFs) in complex enterprise environments.Proficiency in Web Application Firewall (WAF) configuration, policy management, and related tools.Proficiency in Bot Mitigation (BotM) configuration, policy management, and related tools.Experience with DDoS Mitigation deployments (IPSec/GRE tunnels), configuration, policy management, and related tools.Strong understanding of applications, databases, web services, authentication, and middleware servers.Knowledgeable about mobile application and device security (iOS, Android, Mobile SDKs).Familiarity with security concepts and tools such as SAST, DAST, IAST, Web Application Penetration Testing, and Open-Source Analysis.Understanding of OWASP Top Ten, threats, vulnerabilities, and tactics used to compromise applications.Experience in secure CI/CD pipeline design, architecture, automation, and secure code gating.Experience securing cloud IAAS and PAAS environments (Azure, AWS, Google Cloud).Ideally familiar with regulatory requirements and laws such as: Sarbanes-Oxley Act (SOX), PCI-DSS, TSA, SEC Amended Rule, HIPAA, GDPR, CCPA, and GLBA.Knowledge of industry compliance standards and frameworks such as: HIPAA, NIST, ISO, ITIL, COSO, COBIT, SOC1/2, NIST 800-53, NIST CSF, ITIL, and/or Cybersecurity Maturity Model.Proficiency in one or more scripting languages (e.g., Python, PowerShell, JavaScript, Bash).Ability to work independently and collaboratively with others.ABOUT BRIDGEVIEWBridgeView is a talent and technology consulting company that helps business leaders build exceptional technology teams and deliver complex projects with confidence.Since 2005, BridgeView's tenured recruiting team has built a vast network of niche technologists and executive leadership candidates to help our clients solve their most complex talent challenges. Paired with strategic consulting services, BridgeView further delivers project collaboration in the areas of people, process, and technology.This blended approach allows clients to adjust in real-time to align with their budgets while receiving Big 5 expertise to meet their objectives.BridgeView. Within Sight.We are an equal opportunity employer and value diversity. All employment decisions are made due to qualifications, merit, and business need. The successful candidate’s starting salary will be determined based on permissible, non-discriminatory factors such as skills, experience, and geographic location.
#J-18808-Ljbffr
Application Security EngineerLOCATION:
Denver, CO (hybrid)BENEFITS & PERKS:
Medical, Dental & Vision, 401(k)OVERVIEWThe Application Security Engineer plays a crucial role within the cybersecurity team, overseeing the management and fortification of web-based applications both on-premises and in the cloud. In this capacity, this role is tasked with crafting resilient web application firewall (WAF), Bot Mitigation/Defense, and DDoS mitigation configurations, ensuring robust defense against threats and vulnerabilities while preserving seamless business operations and customer experiences.HOW YOU WILL MAKE AN IMPACTServe as the primary authority and subject matter expert on Web Application Firewall (WAF), Bot Mitigation (BotM), and DDoS Mitigation platforms.Assess and devise cybersecurity architectures and designs that strike a balance between implementing robust security controls and fulfilling the functional requirements of the business.Define and cultivate security requirements through meticulous risk assessments, comprehensive threat modeling, rigorous testing, and insightful analysis of existing systems.Lead web application security functions, spearheading strategic initiatives to proactively tackle external, internal, and emerging application security risks across the organization.Set up new sites and applications for WAF/BotM safeguarding, conducting thorough traffic analysis to eliminate false positives and optimize protection efficacy.Collaborate closely with engineering and architecture teams to assess the security readiness of both new and existing applications introduced into the environment.Devise, test, and implement solutions and configurations with rule sets specifically crafted to safeguard against vulnerabilities and threats targeting both web-based and mobile applications.Lead compliance hardening governance across cloud and application landscapes, conducting meticulous checks on device configurations to ensure version compliance, and identifying and promptly mitigating weaknesses.Analyze reports stemming from vulnerability scans, penetration tests, web testing, to pinpoint areas of exposure and enhance application security posture in collaboration with application developers.Develop, oversee, and ensure compliance with the Secure Software Development Lifecycle (sSDLC) processes, aligning with industry best practices.Collaborate closely with cybersecurity and development teams to manage a comprehensive sSDLC process, integrating security testing functions (SAST, DAST, IAST, pen test) while balancing security and usability concerns.Develop and implement application security strategy throughout the CI/CD lifecycle.Document and maintain policies, standard operating procedures, and OWASP best practices for application and host integrity.Create and implement WAF/BotM rules and signatures to mitigate threats and adhere to best practices.Liaise with cybersecurity, threat intelligence, IT, software development, and third-party teams to address organizational cybersecurity architecture and system security engineering requirements throughout their lifecycles.REQUIRED EXPERIENCEBachelor’s degree required in: Business, Finance, Computer Science, Engineering, IT, or related field.7 + years of enterprise security or application security experience.7+ years of deploying, configuring, and managing Web Application Firewall (WAF) platforms.5+ years of deploying, configuring, and managing Bot Mitigation (BotM) platforms.5+ years of deploying, configuring, and managing DDoS Mitigation platforms.2 + years of hands-on experience in a cloud-native environment, such as Azure, AWS, or GCPHold an active cybersecurity certification, such as a CSSLP, CISSP, CISA, CCP, CSSLP, GCSA MCP, MCSE, SANS, or Microsoft AZ (highly desired, or equivalent experience is acceptable).Hold an active cybersecurity certification, such as: CSSLP, SANS, CISSP, CCNA, CISA, CCP, GCSA, MCP, MCSE, SANS, or Microsoft AZ (required, or willing to attain within 3 months of start date).Familiarity with tools like Fastly, Akamai, Radware, F5, or HumanSecurity preferred.Experience installing, configuring, and supporting Web Application Firewalls (WAFs) in complex enterprise environments.Proficiency in Web Application Firewall (WAF) configuration, policy management, and related tools.Proficiency in Bot Mitigation (BotM) configuration, policy management, and related tools.Experience with DDoS Mitigation deployments (IPSec/GRE tunnels), configuration, policy management, and related tools.Strong understanding of applications, databases, web services, authentication, and middleware servers.Knowledgeable about mobile application and device security (iOS, Android, Mobile SDKs).Familiarity with security concepts and tools such as SAST, DAST, IAST, Web Application Penetration Testing, and Open-Source Analysis.Understanding of OWASP Top Ten, threats, vulnerabilities, and tactics used to compromise applications.Experience in secure CI/CD pipeline design, architecture, automation, and secure code gating.Experience securing cloud IAAS and PAAS environments (Azure, AWS, Google Cloud).Ideally familiar with regulatory requirements and laws such as: Sarbanes-Oxley Act (SOX), PCI-DSS, TSA, SEC Amended Rule, HIPAA, GDPR, CCPA, and GLBA.Knowledge of industry compliance standards and frameworks such as: HIPAA, NIST, ISO, ITIL, COSO, COBIT, SOC1/2, NIST 800-53, NIST CSF, ITIL, and/or Cybersecurity Maturity Model.Proficiency in one or more scripting languages (e.g., Python, PowerShell, JavaScript, Bash).Ability to work independently and collaboratively with others.ABOUT BRIDGEVIEWBridgeView is a talent and technology consulting company that helps business leaders build exceptional technology teams and deliver complex projects with confidence.Since 2005, BridgeView's tenured recruiting team has built a vast network of niche technologists and executive leadership candidates to help our clients solve their most complex talent challenges. Paired with strategic consulting services, BridgeView further delivers project collaboration in the areas of people, process, and technology.This blended approach allows clients to adjust in real-time to align with their budgets while receiving Big 5 expertise to meet their objectives.BridgeView. Within Sight.We are an equal opportunity employer and value diversity. All employment decisions are made due to qualifications, merit, and business need. The successful candidate’s starting salary will be determined based on permissible, non-discriminatory factors such as skills, experience, and geographic location.
#J-18808-Ljbffr