IT Security Engineer
Ref No.: 18-08512
Location: Irving, Texas
Business Overview:

The IT Security Engineer must have the security domain expertise, technical expertise, leadership skills, communication skills, and negotiation skills to work with application project and development teams throughout the entire software development lifecycle to build security into applications produced.
The IT Security Engineer will also be expected to coach the IT development team to broaden their knowledge of best-in-class DevSecOps-enabled security techniques and the latest IT security tools and trends. The role will be responsible for developing executive-level readout materials, developing an achievable security improvement roadmap, and presenting results and recommendations at a senior leadership level.

An alternate location of Basking Ridge, NJ is also acceptable in addition to Irving, TX.

Responsibilities:

Work with development teams to employ a secure architecture
Provide education and guidance about secure coding practices
Ensure compliance with Policies, Standards, Requirements, and Directives
Schedule, scope and prioritize security assessments of applications
Assess applications for vulnerabilities using manual and automated methods, such as threat modeling, code reviews, tool scans and penetration testing
Identify, document, rate, and communicate vulnerabilities in terms of Confidentiality, Integrity and Availability to multiple audiences
Reproduce, demonstrate and retest vulnerabilities
Provide guidance and direction on remediating vulnerabilities
Maintain awareness of security issues amongst the development community, summarize the incidents for internal resources, and determine proactive steps to reduce internal risk
Continually improve the secure development process and environment
Collaborate with Application Security team to develop executive level readout materials
Provide key input and recommendations into an overall security improvement roadmap


Required Qualifications:

Understanding of the Software Development Lifecycle (SDLC)
Understanding of multi-tiered architecture
Passion for application security
Process oriented
Ability to describe vulnerabilities and application security concerns to both technical and non-technical persons
3-5 years of hands-on technical experience developing and testing apps in .NET or Java
7-10 years application security experience
Experience performing architecture reviews and threat modeling
Experience with cloud security: Amazon AWS, Windows Azure

Preferred Qualifications:

Experience with SAST tools such as Fortify, Veracode, Checkmarx
Experience with DAST tools such as IBM AppScan, Client WebInspect, Acunetix, Qualys WAS, ZAP, Burp
Experience with Open Source Software security tools such as Black Duck and vulnerability remediation guidance
Familiarity with infrastructure scanning tools such as Nessus and vulnerability remediation guidance
Ethical hacking certification, GIAC GWAPT, GSSP, or GWEB certified