Winmill Software

posted about 1 month ago

Full-time
Remote
Professional, Scientific, and Technical Services

About the position

Winmill Software is actively seeking a full-time Application Security Engineer to join our team. This role is crucial in ensuring the security of our applications through comprehensive assessments and remediation strategies. The ideal candidate will possess a strong background in application development, enabling them to effectively collaborate with developers to address and remediate vulnerabilities. The candidate will be responsible for designing and building Application Lifecycle Management (ALM) architectures that support static and dynamic scanning, risk correlation, and remediation management. This position requires an enthusiastic problem solver with excellent communication skills, capable of working independently and directly with clients. A commitment to establishing and teaching best practices for Application Security and Secure DevOps is essential. In this role, you will design and build secure development operations (Secure DevOps) architectures for clients as part of a continuous integration process. You will perform static and dynamic application vulnerability assessments using multiple tools, evaluate scan results, parse out false positives, correlate results from various tools, triage results, and provide actionable recommendations for remediation. Additionally, you will be involved in actual code remediation in one or more programming languages and will train clients on Secure DevOps best practices, as well as how to effectively use various security tools. You will also help build out Secure DevOps architectures in WinMill sandboxes and train WinMill staff on best practices, ensuring a robust security posture across all development activities.

Responsibilities

  • Design and build secure development operations (Secure DevOps) architectures for clients as part of a continuous integration process.
  • Perform static and dynamic application vulnerability assessments using multiple tools.
  • Evaluate scan results, parse out false positives, correlate results from multiple tools, triage results and provide recommendations for remediation.
  • Perform actual code remediation in one or more programming languages.
  • Train clients on Secure DevOps best practices, as well as how to use various tools.
  • Help to build out Secure DevOps architectures in WinMill sandboxes; train WinMill staff on best practices.

Requirements

  • Bachelor's degree in computer information systems, or equivalent.
  • At least three (3) years' experience in software development using one or more of the following: JavaScript, Node.js, Java, C, C#, .NET, PHP, Python, Ruby.
  • Ability to identify vulnerabilities in applications written in these languages.
  • Knowledge and ability to assess web and non-web applications.
  • Knowledge of secure coding methodologies including OWASP Secure SDLC, MS-SDLC.
  • At least two (2) years' experience with dynamic security testing tools such as Acunetix, Burp Suite, HP WebInspect, Veracode and ZAProxy.
  • At least two (2) years' experience with static testing tools such as Checkmarx, HP Fortify Static Code Analyzer and Veracode.
  • Knowledge of CI/CD tools such as Artifactory, git, Chef, CircleCI, Consul, Jenkins, Microsoft TFS.
  • Knowledge of secure methodologies and programming concepts including cryptography, authentication models and standards, secure libraries, and methods to evaluate their applicability to business and development problems.

Nice-to-haves

  • Knowledge of AWS environments and development within them, including CloudFormation.
  • Experience, knowledge and presence to teach and train developers on secure coding and development techniques.
  • Proficiency in written and spoken English.
  • Ability to present findings and summaries of issues to senior management.
  • Proactive and self-motivated, including willingness to reach out to development teams and stakeholders to discuss issues and identify areas needing assistance.
© 2024 Teal Labs, Inc