Aloden LLC

Security Engineer - Application Security

Aloden LLC, Charlotte, North Carolina, United States, 28245


Security Engineer – Application Security, Only W2 (Citizen, GC, GC EAD and H4EAD)

Locations: Charlotte, NC; Chandler, AZ; Westlake, TX (Hybrid – 3 days onsite, 2 days WFH)

Duration: 12+ Months Contract

Required Qualifications:

Experience:

5+ years of Application Security Engineering experience, or equivalent demonstrated through a combination of work experience, training, military experience, or education

5+ years of troubleshooting experience in complex technical environments

2+ years of experience implementing technical solutions in a large enterprise (150K+ employees)

2+ years of experience with scripting tools such as Bash, Python, and PowerShell

1+ year of experience writing SQL queries

1+ year of experience building/managing MS SQL and/or Oracle databases, including data feeds and ETL

Desired Qualifications:

Application Security Expertise: Expert understanding of OWASP Top 10 and SANS/CWE Top 25 vulnerabilities

Development Experience: Experience in developing applications using Java, .NET (preferred), C#, JavaScript, Python, or other modern OOP languages.

Security Tool Management: Experience managing automated application security testing tools (SAST, DAST, SCA)

Secure Development Guidance: Ability to provide strategic and tactical security guidance for secure application development, including technical control recommendations.

CI/CD Integration: Experience integrating application security tools into the CI/CD pipeline.

DevSecOps: Experience with DevSecOps practices and principles.

Certifications: One or more of the following application security certifications: OSCP, OSEP, OSWE, CEH, LPT, CPT, CEPT, CASS, CASE, CMWAPT, CRTOP, GIAC GEVA/GPEN/GWAPT/GCPN/GXPN/GMOB/GDAT

Responsibilities:

Identify and assess application security risks, vulnerabilities, and threats.

Conduct security assessments and penetration testing of applications.

Provide recommendations and guidance on secure coding practices and remediation of vulnerabilities.

Implement and manage automated application security testing tools.

Integrate security into the development lifecycle (DevSecOps).

Collaborate with development teams to ensure secure application development.

Develop and maintain security documentation and procedures.
