Eliassen Group
Application Security Engineer
Eliassen Group, Washington, District of Columbia, us, 20022
Demonstrate your expertise and challenge your skills in this exciting IT Security Engineering opportunity! We are seeking an experienced IT Security Engineer for a lead role within our Security Team in our Washington DC IT Department. In this role, you will provide IT security support for applications and software systems on all platforms, as well as security support for all systems in production, staging and development environments. This Security Engineer role will work closely with Washington DC IT departments and ensure the security and protection of organizational information assets including data, applications, systems, databases, networks, and other resources. We offer a competitive salary and comprehensive benefits, making this a great opportunity for an experienced IT Security Engineer, like you, to take their IT career to the next level!
Job Description
Security Engineer works on defining security frameworks for existing and new systems.
Represents the IT security team for enterprise projects during development phases like architecture/design review, providing IT security consulting and recommendations, to ensure the implementation of a secure application design.
Responsible for supporting the implementation and enforcement of secure application design principles.
Responsible for explaining and demonstrating vulnerabilities to application/system owners, and providing recommendations for mitigation.
Responsible for defining and designing security code analysis tools and framework, performing code and design reviews of all internal and external software products.
Works with application developers to ensure adoption of security principles and best practices.
Provides direction and support in security management and security architecture standards and documentation.
Provides fault resolution and escalation advice.
Responsible for defining processes to manage and enforce application security.
Conducts active penetration tests; discovers vulnerabilities in information systems.
Participates in IT security compliance and audit efforts (e.g., PCI DSS).
Qualifications
College degree (relevant field) or equivalent experience; 3-5 years of work experience.
2+ years of experience in web application development in .NET, Java EE, and SQL.
1+ years of experience in web or mobile application security preferred.
Knowledge of authentication mechanisms like SAML, OAuth etc., along with web service security protocols for SOAP such as WS-Security, is nice to have.
Knowledge of information security principles, web applications and a level of familiarity with malicious code and common techniques used by hackers.
Experience with application security code review practices/static analysis and methods, such as OWASP Top Ten.
Detailed knowledge and understanding of the Payment Card Industry (PCI) data security standards (PCI DSS) as well as experience in the implementation of controls to mitigate PCI issues.
Experience with Application Security Firewalls, F5's ASM / Citrix's Teros etc. is desirable.
Experience in creating, maintaining, and executing Incident Response Plans.
Strong interpersonal and communications skills along with strong customer service skills.
Knowledge of security flaws and their resolution as listed on sites like OWASP, SANS etc.
Knowledge and understanding of network and web related protocols (e.g., TCP/IP, UDP, IPSEC, DNS, LTM, GTM) preferred.
Experience in technical security countermeasures, risk management, contingency planning, and data communications networking preferred.
Additional Information
All your information will be kept confidential according to EEO guidelines.