Inmar
Application Engineer, Cyber Security (Remote)
Inmar, Winston Salem, North Carolina, United States, 27104
The Application Engineer, Cyber Security is responsible for building, managing and supporting information security that underpins all internal and external user technology services, according to security policies and best practices.
The Application Engineer, Cyber Security has strong development experience in numerous programming languages and is the subject matter expert (SME) for concepts behind security controls and how they apply to application development, web presence and API services. This individual is accountable for identifying weaknesses in our security posture within the application or web space while defining methods to achieve security control requirements via automation or highly efficient means that further support timely delivery with minimal overhead. They work across internal and external teams of infrastructure specialists and software engineers making sure services are delivered and used securely as required, offering advice and guidance on security decisions and ensuring the effective use of common tools and patterns.
The incumbent must have a service-oriented mentality, a high sense of ownership of the problems and requests assigned, a focus on managing and resolving issues in alignment with the SLAs, establishing and maintaining communication with technology customers to keep them updated with status of their requests, initiating and performing changes on production systems and proactively escalating any issues that cannot be resolved within the established timeframes.
Additional insights, experience or background in any of the following are also of great value: NIST, ISO27001, Data Protection, Java Development, Static Code Analysis, Dynamic Code Analysis, Penetration Testing, Containers, MicroServices, CI/CD Pipeline, Agile, Git, Jira, Docker, Kubernetes, cloud security (AWS, Azure, GCP) and design, process maturity, and other related focuses.
Primary Accountabilities:
Technical (80%)
Be the security representative for multiple product lines and act as the point of contact for software engineering and security.Perform architecture reviews to steer projects in the right direction, participate in security code reviews, and automate penetration testing against products prior to move to production.Support software engineering with implementing security fixes, ensuring security scanners are utilized correctly, and develop strategies to proactively secure their architecture.Review development frameworks for security functionality, consistency, and uplift opportunities.Create threat models and leverage them to prioritize time based on risk impact.Evaluate client needs, coordinate design for a solution, and clearly communicate the value proposition of complex and highly technical subjects.Implement and/or assess existing security controls.Translate logical designs into physical designs; produce detailed designs and document all work using required standards, methods and tools, including prototyping tools where appropriate.Design systems characterized by managed levels of risk, manageable business and technical complexity and meaningful impact; works with well-understood technology and identifies appropriate patterns.Project Management (20%)
Work with application development teams to ensure secure software development lifecycle (S-SDLC) implementation and validation.Educate and train product teams.Evaluate client needs, coordinate design for a solution, and clearly communicate the value proposition of complex and highly technical cyber security subjects.Required Qualifications:
Bachelor's degree in Computer Science, Information Technology or related field8-10 years of related work experience with vulnerability managementOr any equivalent combination of experience and training/certification that provides the required knowledge, skills, and abilities needed to complete the major responsibilities/essential functions of the positionCertifications preferred. OSCP, CISSP, GCIH, GXPN, GPENWorking experience in web and mobile application securityWorking experience in distributed platform development security and designIn-depth knowledge of web and mobile security standards and best practices (OWASP, etc.)Strong foundation in core information security principles and concepts (HTTPS, TLS, OAuth, etc.)Working experience with industry tools and technologies such as Burp, Metasploit, etc.Working knowledge of common languages such as Python, GO, Javascript, Java, etc.Familiarity in public cloud security deployment and implementation issues (AWS, Azure, GCP)Familiarity with audits and standards requirements such ISO 27001, PCI DSS, SOC 1 & 2, etc.Proven expertise in enterprise-grade and web scale security solutionsSpecific Technical Skills Needed:
Security and Risk Assessment
Aware of Security governance principles and able to apply them to the enterpriseUnderstands the legal and regulatory Issues relevant to the enterprise and does not place the enterprise at risk.Security Engineering
Working knowledge of secure design principlesWorking knowledge of database securityWorking knowledge of cloud computingWorking knowledge of CryptographyIdentity and Access Management
Physical and logical accessLDAPMulti-factor authenticationSession managementCredential managementSoftware Development Security
Working knowledge of software development lifecyclesWorking knowledge of what software development methodologies are used in the enterprise and can explain what it meansFamiliar with DevOps conceptsWorking knowledge of security vulnerabilities and understands how the following work: Bounds checking, Input/output validation, Buffer overflow, Privilege escalationWorking knowledge of secure coding practicesWorking knowledge of code repositoriesIndividual Competencies:
Integrity:
Gains the trust of others by taking responsibility for own actions and telling the truth.Teamwork:
Builds relationships and works cooperatively with others, inside and outside the organization, to accomplish objectives to build and maintain mutually-beneficial partnerships, leverage information and achieve results.Adaptable:
Responds to change with a willingness to learn new ways to accomplish work objectives with a positive attitude.Innovative:
Ability to develop, sponsor, or support the introduction of new and improved methods, products, procedures or technologies.Curious:
A desire to inquire and learn, to seek new knowledge and wisdom, and to listen to the contributions of others with a genuine interest to better self, the team, and the organization.Analytical and Critical Thinking:
Ability to tackle a problem by using a logical, systematic, sequential approach.Problem Solving:
Gathers and analyzes information to generate and evaluate potential solutions to problems, issues and challenges while weighing the accuracy and relevance of the facts, data and information.The physical demands described here are representative of those that must be met by an associate to successfully perform the major job responsibilities (essential functions) of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the major job responsibilities. This job description is not intended to be an exhaustive list of all duties, responsibilities, or qualifications associated with the job.
While performing the duties of this job, the associate is:
Regularly required to use hands to finger, handle or feel objects, tools or controls, and reach with hands or arms.Regularly required to talk or hear and read instructions on a computer monitor and/or printed on paper.Occasionally required to stand, kneel or stoop, and lift and/or move up to ## pounds.Regularly required to view items at an extremely close range and must be able to adjust and readjust focus.Occasionally: Job requires this activity up to 33% of the time
Frequently: Job requires this activity between 33% - 66% of the time
Regularly: Job requires this activity more than 66% of the time
Safety:
Support a safe work environment by following safety rules and regulations and reporting all safety hazards.As an Inmar Associate, you:
Put clients first and consistently display a positive attitude and behaviors that demonstrate an awareness and willingness to listen and respond to clients in order to meet their short-term and long-term needs, requirements and exceed their expectations.Treat clients and teammates with courtesy, consideration and tact; you also have the ability to perceive the needs of internal and external clients and communicate effectively with the objective of delighting and retaining the client.Build collaborative relationships and work cooperatively with others, inside and outside the organization, to accomplish objectives, develop and maintain mutually-beneficial partnerships, leverage information to achieve results.Set and attain achievable, yet aggressive, goals with a sense of urgency and accountability.Understand that results are important and focus on turning mission into action to achieve results following the principles of Flawless Execution while consistently complying with quality, service and productivity standards to meet deadlines and exceed expectations by giving our clients the best possible outcome.
We are an Equal Opportunity Employer, including disability/vets.
The Application Engineer, Cyber Security has strong development experience in numerous programming languages and is the subject matter expert (SME) for concepts behind security controls and how they apply to application development, web presence and API services. This individual is accountable for identifying weaknesses in our security posture within the application or web space while defining methods to achieve security control requirements via automation or highly efficient means that further support timely delivery with minimal overhead. They work across internal and external teams of infrastructure specialists and software engineers making sure services are delivered and used securely as required, offering advice and guidance on security decisions and ensuring the effective use of common tools and patterns.
The incumbent must have a service-oriented mentality, a high sense of ownership of the problems and requests assigned, a focus on managing and resolving issues in alignment with the SLAs, establishing and maintaining communication with technology customers to keep them updated with status of their requests, initiating and performing changes on production systems and proactively escalating any issues that cannot be resolved within the established timeframes.
Additional insights, experience or background in any of the following are also of great value: NIST, ISO27001, Data Protection, Java Development, Static Code Analysis, Dynamic Code Analysis, Penetration Testing, Containers, MicroServices, CI/CD Pipeline, Agile, Git, Jira, Docker, Kubernetes, cloud security (AWS, Azure, GCP) and design, process maturity, and other related focuses.
Primary Accountabilities:
Technical (80%)
Be the security representative for multiple product lines and act as the point of contact for software engineering and security.Perform architecture reviews to steer projects in the right direction, participate in security code reviews, and automate penetration testing against products prior to move to production.Support software engineering with implementing security fixes, ensuring security scanners are utilized correctly, and develop strategies to proactively secure their architecture.Review development frameworks for security functionality, consistency, and uplift opportunities.Create threat models and leverage them to prioritize time based on risk impact.Evaluate client needs, coordinate design for a solution, and clearly communicate the value proposition of complex and highly technical subjects.Implement and/or assess existing security controls.Translate logical designs into physical designs; produce detailed designs and document all work using required standards, methods and tools, including prototyping tools where appropriate.Design systems characterized by managed levels of risk, manageable business and technical complexity and meaningful impact; works with well-understood technology and identifies appropriate patterns.Project Management (20%)
Work with application development teams to ensure secure software development lifecycle (S-SDLC) implementation and validation.Educate and train product teams.Evaluate client needs, coordinate design for a solution, and clearly communicate the value proposition of complex and highly technical cyber security subjects.Required Qualifications:
Bachelor's degree in Computer Science, Information Technology or related field8-10 years of related work experience with vulnerability managementOr any equivalent combination of experience and training/certification that provides the required knowledge, skills, and abilities needed to complete the major responsibilities/essential functions of the positionCertifications preferred. OSCP, CISSP, GCIH, GXPN, GPENWorking experience in web and mobile application securityWorking experience in distributed platform development security and designIn-depth knowledge of web and mobile security standards and best practices (OWASP, etc.)Strong foundation in core information security principles and concepts (HTTPS, TLS, OAuth, etc.)Working experience with industry tools and technologies such as Burp, Metasploit, etc.Working knowledge of common languages such as Python, GO, Javascript, Java, etc.Familiarity in public cloud security deployment and implementation issues (AWS, Azure, GCP)Familiarity with audits and standards requirements such ISO 27001, PCI DSS, SOC 1 & 2, etc.Proven expertise in enterprise-grade and web scale security solutionsSpecific Technical Skills Needed:
Security and Risk Assessment
Aware of Security governance principles and able to apply them to the enterpriseUnderstands the legal and regulatory Issues relevant to the enterprise and does not place the enterprise at risk.Security Engineering
Working knowledge of secure design principlesWorking knowledge of database securityWorking knowledge of cloud computingWorking knowledge of CryptographyIdentity and Access Management
Physical and logical accessLDAPMulti-factor authenticationSession managementCredential managementSoftware Development Security
Working knowledge of software development lifecyclesWorking knowledge of what software development methodologies are used in the enterprise and can explain what it meansFamiliar with DevOps conceptsWorking knowledge of security vulnerabilities and understands how the following work: Bounds checking, Input/output validation, Buffer overflow, Privilege escalationWorking knowledge of secure coding practicesWorking knowledge of code repositoriesIndividual Competencies:
Integrity:
Gains the trust of others by taking responsibility for own actions and telling the truth.Teamwork:
Builds relationships and works cooperatively with others, inside and outside the organization, to accomplish objectives to build and maintain mutually-beneficial partnerships, leverage information and achieve results.Adaptable:
Responds to change with a willingness to learn new ways to accomplish work objectives with a positive attitude.Innovative:
Ability to develop, sponsor, or support the introduction of new and improved methods, products, procedures or technologies.Curious:
A desire to inquire and learn, to seek new knowledge and wisdom, and to listen to the contributions of others with a genuine interest to better self, the team, and the organization.Analytical and Critical Thinking:
Ability to tackle a problem by using a logical, systematic, sequential approach.Problem Solving:
Gathers and analyzes information to generate and evaluate potential solutions to problems, issues and challenges while weighing the accuracy and relevance of the facts, data and information.The physical demands described here are representative of those that must be met by an associate to successfully perform the major job responsibilities (essential functions) of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the major job responsibilities. This job description is not intended to be an exhaustive list of all duties, responsibilities, or qualifications associated with the job.
While performing the duties of this job, the associate is:
Regularly required to use hands to finger, handle or feel objects, tools or controls, and reach with hands or arms.Regularly required to talk or hear and read instructions on a computer monitor and/or printed on paper.Occasionally required to stand, kneel or stoop, and lift and/or move up to ## pounds.Regularly required to view items at an extremely close range and must be able to adjust and readjust focus.Occasionally: Job requires this activity up to 33% of the time
Frequently: Job requires this activity between 33% - 66% of the time
Regularly: Job requires this activity more than 66% of the time
Safety:
Support a safe work environment by following safety rules and regulations and reporting all safety hazards.As an Inmar Associate, you:
Put clients first and consistently display a positive attitude and behaviors that demonstrate an awareness and willingness to listen and respond to clients in order to meet their short-term and long-term needs, requirements and exceed their expectations.Treat clients and teammates with courtesy, consideration and tact; you also have the ability to perceive the needs of internal and external clients and communicate effectively with the objective of delighting and retaining the client.Build collaborative relationships and work cooperatively with others, inside and outside the organization, to accomplish objectives, develop and maintain mutually-beneficial partnerships, leverage information to achieve results.Set and attain achievable, yet aggressive, goals with a sense of urgency and accountability.Understand that results are important and focus on turning mission into action to achieve results following the principles of Flawless Execution while consistently complying with quality, service and productivity standards to meet deadlines and exceed expectations by giving our clients the best possible outcome.
We are an Equal Opportunity Employer, including disability/vets.