IS3 Solutions
Application Security Engineer
IS3 Solutions, Las Vegas, Nevada, us, 89105
Position OverviewThe primary responsibility of the Application Security Engineer - Cyber Security is to support technologies that enable the companies' cyber security goals and objectives, securing the confidentiality, integrity, and availability of software and computer information systems. The role will serve as a security engineer for software development, supporting technologies that facilitate the security of the software products and services. Additional key responsibilities of the role include reviewing vulnerabilities identified by application security technologies and processes provide positive results to the appropriate software development teams, and coordinating with those teams to support their triage and remediation efforts for identified, valid vulnerabilities. Duties performed per departmental and client's policies, practices, and procedures.
Essential Duties & Responsibilitiesct as a primary technical resource in the development of a comprehensive security program to support various Software Development Lifecycles (SDLCs) and ensure that software developed in this SDLC is free of security vulnerabilities.Manage application security program across multiple SDLCs.Ensure cybersecurity requirements are met before production release.Triage potential vulnerabilities identified by application security program with the context of application and related business knowledge.Maintain an understanding of core functionality of supported software and first-party applications.Collaborate with software development and quality assurance teams to ensure code is free from security defects.Review performance of controls such as threat modeling, SCA, SAST, DAST, IAST, RASP, Secrets Scanning, Container Scanning, Misconfiguration Identification, Secure Code Review, CI/CD Pipeline Security, and Deployment Environment Security.ctively seek ways to improve secure software development processes.Nice to have
Professional certification in multiple programming languages (C#, .NET, Java, etc.) is recommended.Professional certifications in cyber security (CISSP, OSCP, etc.) are recommended.Experience with CI/CD and pipeline tools such as Jenkins, Docker, Kubernetes, and others.Knowledge of cloud platforms and services, with experience in cloud security.Experience with automated software and security testing tools and techniques.Experience integrating security testing into an SDLC.
Essential Duties & Responsibilitiesct as a primary technical resource in the development of a comprehensive security program to support various Software Development Lifecycles (SDLCs) and ensure that software developed in this SDLC is free of security vulnerabilities.Manage application security program across multiple SDLCs.Ensure cybersecurity requirements are met before production release.Triage potential vulnerabilities identified by application security program with the context of application and related business knowledge.Maintain an understanding of core functionality of supported software and first-party applications.Collaborate with software development and quality assurance teams to ensure code is free from security defects.Review performance of controls such as threat modeling, SCA, SAST, DAST, IAST, RASP, Secrets Scanning, Container Scanning, Misconfiguration Identification, Secure Code Review, CI/CD Pipeline Security, and Deployment Environment Security.ctively seek ways to improve secure software development processes.Nice to have
Professional certification in multiple programming languages (C#, .NET, Java, etc.) is recommended.Professional certifications in cyber security (CISSP, OSCP, etc.) are recommended.Experience with CI/CD and pipeline tools such as Jenkins, Docker, Kubernetes, and others.Knowledge of cloud platforms and services, with experience in cloud security.Experience with automated software and security testing tools and techniques.Experience integrating security testing into an SDLC.