Ryder - Raleigh, NC
posted 5 months ago
We seek a highly motivated and experienced Application Security Engineer to join our growing security team. This role is highly technical and candidates must possess a solid understanding of the security and privacy of our company's applications and data. The Application Security Engineer must understand development, coding, security engineering, and secure systems configurations. This position ensures that every step of the software development lifecycle (SDLC) follows security best practices. This involves conducting security assessments with SAST and DAST tools, reading source code, threat modeling, and designing and implementing secure software development practices. They will determine where security vulnerabilities exist and implement fixes. They must understand how an application may be misused and exploited. The Application Security Engineer will collaborate with software development teams and provide guidance on best practices for secure coding. They will also stay up to date on the latest security trends and technologies and integrate them into the organization's security strategy. The ideal candidate will have strong analytical and problem-solving skills, as well as experience in application security and knowledge of programming languages and web technologies. A Bachelor's degree in Computer Science and certifications such as CISSP, OSCP, or CASE are preferred. The essential functions of this role include conducting security assessments that require expertise of our organization's applications using both Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) methodologies. The engineer will collaborate with software development teams to integrate security into the development life cycle, conduct security assessments of web, mobile, and other applications, analyze security assessment results to identify vulnerabilities, and provide guidance on remediation. They will design and implement secure software development practices, including threat modeling, secure coding standards, and code review. Staying current with security threats, trends, and technologies is crucial, as is conducting application security investigations and providing recommendations to mitigate risk. Additionally, maintaining security documentation and collaborating on security policies, procedures, and standards is part of the role.