Geographic Solutions

Application Security Engineer III

Geographic Solutions, Palm Harbor, Florida, United States, 34683


Job Summary:

Assist the Chief Information Security Officer in leading and managing the Information in accordance with organizational policies and goals. The candidate will assist the Chief Information Security Officer and the Application Security Team Lead in processing documentation, facilitation, remediation planning, risk management, and systems implementation coordination to meet the audit, control, and compliance requirements.

The Application Security Engineer III will be responsible for identifying and reporting all security issues, prioritizing threats, and confirming threats have been mitigated in accordance with company standards. The Application Security Engineer III will be a resource of experience and best practices for the Information Security Team.

Key Responsibilities:

- Proficiency in configuration, optimization, and utilization of information security tools such as CrowdStrike or similar EDR, Cisco FTD, Palo Alto, Qualys, HP Fortify, Nessus, Kismet, Airsnort, NMAP, Wireshark, WebInspect, SNORT, Security Onion, Nikto, Burp Suite, Kali Linux, and other web application penetration testing tools
- Sound understanding of manual techniques to exploit vulnerabilities in the Open Web Application Security Project (OWASP) Top 10, including but not limited to cross-site scripting, SQL injections, session hijacking, and buffer overflows, to obtain controlled access to target systems
- Attack and penetration experience in testing of Internet infrastructure and Web-based applications utilizing manual and automated tools
- Architect and design new tools, to include SOPs and diagrams, for the SECOPS team and the Security and Network Operations team
- Proficiency in static and dynamic scanning methodologies
- Expert ability to perform network traffic forensic analysis, utilizing packet capturing software, to isolate malicious network behavior, inappropriate network use, or identification of insecure network protocols
- Ability to perform general inspection and implement preventative measures on intrusion detection systems
- Assist in managing multiple competing priorities in a fast-paced SaaS environment
- Assist in managing third-party security services and application vendors, and evaluate new vendors and services

Requirements

Work Experience / Knowledge:

- Knowledge of Industry Standards, e.g., ISO 17799/27001, FISMA/FedRAMP, NIST Publications, and other Industry Related Security Standards
- Knowledge of Industry Regulations, e.g., Gramm-Leach-Bliley Act (GLBA), Payment Card Industry (PCI) or Corporate Compliance
- Hands-on working experience with Microsoft SQL Server 2012/2016/2019
- Strong working knowledge of agile and waterfall software development lifecycle methodologies
- Experience reviewing or auditing IT general controls, network infrastructure, information security, SDLC, web server, database server, operating systems, and/or software applications to ensure compliance is maintained
- Experience in the implementation and management of both offensive and defensive security technologies in conjunction with commercial and federal information security compliance initiatives
- Active participation in Enterprise-level Risk Assessment and Business Impact Analysis
- Active participation in disaster recovery and business continuity planning and execution
- Consulting experience in Information Security
- Hands-on working experience with Windows Server 2012/2016/2019
- Experience in TCP/IP Networking
- Knowledge of Industry Standards, e.g., ISO 17799/27001, NIST Publications, and other industry-related security standards
- Work with internal and external resources on performing and reporting the annual penetration testing to include complete white-hat testing; Must provide a detailed report and recommendations for improvements and remediation where applicable
- Work with internal and external stakeholders to assess security requirements, and approve/modify designs as needed
- Ensure vulnerabilities are mitigated in a timely fashion in accordance with the applicable compliance requirements
- Support incident responses for all security-related issues 24/7

Qualifications / Certifications:

- 5 or more years of experience in one or more of the following Database Environments: Microsoft SQL Server, Oracle, Sybase, DB2, and MySQL
- CISSP, CISM, OSCP, CEH and/or Security+/Network+ Certifications
- 5 or more years hands-on experience in one or more of the following Operating Systems: Windows Server 2008/2012/2016/2019, Linux and UNIX
- 5 years practical experience in TCP/IP Networking
- 5 years experience with managing small tactical teams
- 5 years or more experience with private or public cloud security
- 2 or more years designing, architecting and engineering security solutions

Special Requirements:

- May also be assigned various projects and tasks as needed
- Hours: Day shift. Evening and weekend hours may be required

Equal Opportunity Employer. M/F/D/V