Applications Security Engineer DevSecOpsCyber Security - REMOTE

Job Title: Applications Security Engineer DevSecops/Cyber Security

Location: Remote (Remote conditions With Expectation to travel to office 23 times a year Candidates local to Las Vegas expected to be in office minimum twice a month.)

Duration: 6 Months CTH

Important Information to Note:

Client is using a variety of tools. For cybersecurity they are using software composition analysis (SCA) Docker container scanners infrastructureascode scanners Git Leaks and Git Custodian. In terms of application security they are using Checkmarx AppScan Fortify SonarQube AppScan Standard HP WebInspector Burp Suite for manual penetration testing and Veracode and Tenable for vulnerability management. They also use some less modern tools like Pascal for managing products on the gaming floor

Position Overview

The primary responsibility of the Application Security Engineer Cyber Security is to support technologies that enable the companies cyber security goals and objectives securing the confidentiality integrity and availability of software and computer information systems. The role will serve as a security engineer for software development supporting technologies that facilitate security of the software products and services. Additional key responsibilities of role include review of vulnerabilities identified by application security technologies and processes and provide the true positive results to the appropriate software development teams and coordination with those teams to support their triage and remediation efforts for identified valid vulnerabilities. All duties are to be performed in accordance with departmental and Clients policies practices and procedures.

Essential Duties & Responsibilities

• Act as a primary technical resource in development of a comprehensive security program to support various Software Development Lifecycles (SDLCs) and ensure that software developed in this SDLC is free of security vulnerabilities.
  
• Manage application security program across multiple SDLCs.
  
• Ensure cybersecurity requirements are met prior to production release.
  
• Triage potential vulnerabilities identified by application security program with context of application and related business knowledge.
  
• Maintain understanding of core functionality of supported software and firstparty applications.
  
• Collaborate with software development and quality assurance teams to ensure code is free from security defects.
  
• Review performance of controls such as threat modeling SCA SAST DAST IAST RASP Secrets Scanning Container Scanning Misconfiguration Identification Secure Code Review CI/CD Pipeline Security Deployment Environment Security.
  
• Actively seek ways to improve secure software development processes.
  

Nice to have

• Professional certification in multiple programming languages (C# .NET Java etc.) recommended.
  
• Professional certifications in cyber security (CISSP OSCP etc.) recommended.
  
• Experience with CI/CD and pipeline tools such as Jenkins Docker Kubernetes and others.
  
• Knowledge of cloud platforms and services with experience in cloud security.
  
• Experience with automated software and security testing tools and techniques.
  
• Experience integrating security testing into an SDLC.