Application Scanning Engineer
Ref No.: 17-00323
Location: Dimondale, Michigan
Start Date / End Date: 10/23/2017 to 09/30/2018
State of Michigan - Application Scanning Engineer and System Administrator for Enterprise Application Scanning Platform

Note: Interview Type: In Person Only
Visa Type: US Citizen

Years of Experience:
5 or more years of experience in the field.

Job Description:
• Patch and update AppScan Enterprise and Source.
• Reconfigure AppScan as needed, including certificate and/or LDAP changes.
• Run the user onboarding process for SAST and DAST.
• Submit new firewall requests as needed.
• Update Risk Assessment and Enterprise Architecture documents as needed.
• Remediate vulnerabilities across the AppScan environment.
• Serves as a Subject Matter Expert (SME) in the field of application security.
• Works with developers, architects, project leads/managers, business analysts, and others, in identifying security requirements for projects and ensures that these requirements are met as part of the software development lifecycle.
• Performs security design reviews, threat modeling and architectural/system security assessments to ensure that solutions are designed with a minimal degree of technical risk. The incumbent works to identify, triage, and provide remediation guidance for vulnerabilities within software applications and systems, using a variety of tools, techniques, approaches, and methodologies.
• Performs security testing of applications using static testing, dynamic testing, and application penetration testing.
• Conducts security assessments and risk analysis, recommends security requirements, participates in code reviews, provides security defect remediation guidance, and serves as a consultant to other business units while acting as an Application Security Subject Matter Expert (SME).
• Supports the enterprise security architecture and provides technical expertise to troubleshoot and solve problems as needed.

Required / Desired Skills

| Skill | Required / Desired | Amount of Experience |
|---|---|---|
| 3-5 years supporting IBM AppScan Enterprise | Required | 3 Years |
| 3-5 years of experience with Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) | Required | 3 Years |
| Familiar with Windows Server | Required | 3 Years |
| Familiar with OWASP Top 10 | Highly desired | 3 Years |
| Familiar with Software Assurance Maturity Model (SAMM) | Highly desired | 3 Years |
| Working knowledge of LDAP, Active Directory and security groups | Required | 3 Years |
| Working knowledge of cryptography, including encryption and hashing | Desired | 2 Years |
| Working knowledge of SSL/TLS protocols and certificate-based solutions | Required | 3 Years |
| Java and .NET software development experience | Nice to have | 2 Years |
| Basic database programming (SQL, etc.) experience | Desired | 2 Years |
| Unix, Linux, Windows systems engineering experience | Desired | 2 Years |