IT Analyst IV
Ref No.: 18-00580
Location: Johnston, Iowa
We have a Contract role for an Application Security Engineer with our client in Johnston, IA. Please let me know if you or any of your friends would be interested in this position.

The details of the position are:

Application Security Engineer

Role:
  • Provides application development and support to partner in the planning, delivery and/or support of business processes utilizing information technology and business practices for strategic business units. Work is of medium to high complexity and moderate to high in risk.
  • Has expanded contact with responsibility to varied and multiple departments and functional operations, and actively participates in strategic business relationships.
  • Serves as a key team member which may include being on multiple teams and/or team lead.
  • Participates in the review and formation of processes.
  • May plan work and schedules for others for project related work. Impact of decision-making is medium to high risk and impact.
  • Serves as a consultant or expert and actively shares knowledge across workgroups.
  • Applies information analyses to optimize the integration of major strategic business processes.
  • Designs and implements complex changes impacting several processes with minimal direction.
  • Primarily performs as an individual contributor but may supervise a small work team (6 or fewer members).
Responsibilities:
  • Lead the identification, analysis and selection of complex information technology and business practices to support strategic business process/plans.
  • Participates as required to design, develop, test and integrate applications of high complexity.
  • Lead in the implementation of information technology and business processes of high complexity. Supports, evaluates, and continuously improves information technology and business processes to maintain alignment with business plans of medium-high complexity and medium-high risk.
  • Leads the development and may manage a project plan and schedule for a given functional area. Acquires solid foundation of project management. Engages in expanded contact with varied and multiple departments and functional operations; actively participating in strategic business relationships and/or issues.
  • Provide the technical guidance and partner with JDF architecture, data, application and infrastructure areas to interpret security standards and derive appropriate solutions to manage risk and maintain compliance within the JDF application development areas.
  • Drive JDF SecDevOps and Secure Programming practices and processes including application requirements and design reviews for improving security and assist with the interpretation, prioritization and resolution of vulnerabilities identified through code scanning methodologies.
  • Identify and support the remediation of security vulnerabilities in applications, databases, middleware, operating systems, and networks.
  • Leverage a variety of methods to identify vulnerabilities, including but not limited to scanning tools, automation tools, and data analysis.
  • Partner with delivery teams across JDF IT to ensure appropriate security configurations for application development, connectivity and data exchange, middleware, etc., including participation in the development of hardening standards for cloud adoption and the application of secure coding standards to ensure confidentiality of client information and compliance with applicable standards and regulatory controls.
  • Ensure continuous improvement in the vulnerability management process by preventing vulnerabilities from being deployed to production; examples include reviewing tools and processes such as secure configuration and patch management; providing input into standards and policies; and performing retrospectives.
  • Keep current with industry trends and enterprise initiatives, to ensure that our Information Security program capabilities evolve with emerging threats, new technology capabilities, and business needs.
 
 
Requirements:
  • 4+ years of experience in Information Security focusing on security solution design, engineering, implementation and assurance.
  • 2+ years of experience working with Information Security and IT general controls, including experience defining and documenting controls using COBIT 4.1 or 5.0, the NIST Cybersecurity Framework, the ISO 27k framework, the SANS 20 critical controls or similar experience.
  • 2+ years application security experience with corresponding SecDevOps technologies (e.g. Jenkins, GitHub).
  • Demonstrated experience with AWS security and application deployment best practices.
  • Understanding of code scanning and application vulnerability Client technologies and methodologies (e.g. DAST, SAST, penetration testing).
  • Strong knowledge of the OWASP Top 10 and other common software security knowledge indexes.
  • Understanding of the regulatory environment and experience with regulators.
  • Strong written and verbal communication.
  • Comfortable delivering tasks and assignments in an evolving and a maturing environment.

Preferred Skills and Experience:
  • Experience in Financial Services and or Banking industries.
  • Deep understanding of Information Security technologies including firewalls, IDS/IPS, Password Vaults, CASBs, SIEM, IT GRC, DLP, etc.
  • Experience with the FFIEC Cyber Security Assessment Tool.
  • Applicable certifications (e.g. CISSP, CISA, CISM, CGEIT, CRISC).
 

If you are interested in this opportunity, please email your resume to jobs@generistek.com. Also, you can call us at (630) 299 5176.

About Generis Tek:
Generis Tek is a boutique IT/Professional staffing firm based in Chicagoland. We offer both Contingent Labor & Permanent placement services to several Fortune 500 clients nationwide.
Our philosophy is based on delivering long-term value and building lasting relationships with our clients, consultants and employees. Our fundamental success lies in understanding our clients’ specific needs and working very closely with our consultants to create the right fit for both sides. We aspire to be our client’s most trusted business partner.