Mission Federal Credit Union

Information Security - Application Security Engineer

Mission Federal Credit Union, Houston, Texas, United States, 77246


SUMMARY:

The application security engineer is responsible for validating that application services are designed and implemented to high security standards. The role analyzes the security of applications in tandem with their underlying services, including connected dependencies such as middle-tier systems and databases. Additionally, the application security engineer supports continuous integration and continuous deployment (CI/CD) initiatives and is an integrated team member working with software developers, system engineers, data architects, and systems administrators to drive system efficiencies.

KEY RESPONSIBILITIES:

- Build relationships with developers, engineers, scrum masters, and stakeholders to incorporate security principles into engineering design and deployments.
- Work in tandem with developers to provide repetitive validation testing before production while allowing for a continuous cycle of development followed by application security assessments.
- Perform vulnerability and penetration testing.
- Simplify automation that applies security interworkings with CI/CD pipelines and build services and tools to enable developers and engineers to easily use security components in their workflows.
- Fully define and follow a security review process to identify vulnerabilities in code through automated and manual assessments and promote quick remediation.
- Conduct testing and validation in application security controls across cross-departmental projects.
- Oversee implementation of defensive practices and countermeasures across infrastructure and applications.
- Communicate vulnerability results in a manner understood by technical and non-technical business units based on risk tolerance and threat to the business and gain support through influential messaging.
- Support the ability to shift left, incorporate security early on, and actively participate in application project meetings.
- Participate in the company's change management program.
- Research and learn new tactics, techniques, and procedures (TTPs) regularly in public and closed forums. Work with colleagues to assess risk and implement/validate controls as necessary through the CI/CD pipeline.
- Enrich DevOps architecture with security standards and best practices.
- Train developers and other team members on application security weaknesses to avoid.
- Develop security test plans from architectural design.
- Identify deficiencies and make enhancements to ensure production is not negatively impacted.
- Maintains in-depth knowledge of and complies with all Mission Fed, departmental and security policies and procedures, as well as federal regulations applicable to the position, including BSA requirements.
- Completes all required compliance training as assigned.
- Performs other duties as assigned.

QUALIFICATIONS:

Education:

A bachelor's degree in a related discipline or industry-recognized information security certificates with relevant experience is required. Certifications from ISC2 (CSSLP, CCSP), SANS (GWAPT), EC-Council (CEH), OSCP, or Microsoft (AZ-500) will be considered.

Experience:

A minimum of 2 years of experience with a bachelor's degree or a minimum of 5 years of relevant experience along with industry-recognized certifications in lieu of a bachelor's degree. The candidate should have highly technical experience, a DevOps background in public and private clouds, and working knowledge of OWASP, NIST CSF, and CIS frameworks, and threat modeling methodologies such as STRIDE.

COMPETENCIES:

Skills & Abilities:

- Highly technical and analytical experience, with a proven deep background in application programming.
- Proficiency in software development (Java, .NET, Python, C++, Ruby, etc.).
- Capable of scripting in Python, Bash, Perl, or PowerShell.
- Experience in threat modeling applications.
- Vulnerability and penetration-testing skills.
- Experience with agile workflows, including Scrum and Kanban.
- Experience with operation and security across Microsoft Azure or Amazon Web Services (AWS).
- Solid understanding of OWASP, CVSS, the MITRE ATT&CK framework and the software development lifecycle (SDLC).
- Experience with dynamic and static analysis tools.
- SQL database experience.
- Excellent verbal and technical written communication skills.
- Demonstrates solid organizational skills and the ability to multi-task and prioritize workload.
- Possesses high integrity and trustworthiness, and represents the company and its management team at the highest level of professionalism.
- Strong interpersonal and relationship-building skills are essential.
- Must be self-motivated and self-directed and be available to work a schedule involving after-hours and weekend work as needed.

PHYSICAL DEMANDS/WORKING CONDITIONS:

- Constant sitting.
- Frequent repetitive use of the hand involving simple grasping.
- Occasional walking, standing, lifting, and carrying (0-10 lbs.).

**Critical features of this job are described under the headings above. They may be subject to change at any time due to reasonable accommodation or other reasons. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential job functions.**

Your privacy is very important to Mission Federal Credit Union. The California Consumer Privacy Act ("CCPA")/California Privacy Rights Act ("CPRA") requires Mission Federal Credit Union to inform California residents, including job applicants, of the categories of personal information we collect and the purpose for which the personal information will be used. This job applicant notice and the CCPA/CPRA notice provide the disclosures required by the CCPA/CPRA and apply only to applicants who are subject to the CCPA/CPRA.

Mission Federal Credit Union is an Equal Opportunity Employer. All applicants will receive consideration without regard to race, sex, color, creed, religion, age, marital status, sexual orientation, national origin, physical or mental disability, veteran status, or any other class protected by law.