Bridgeview IT - Denver, CO
posted 4 months ago
The Application Security Engineer plays a crucial role within the cybersecurity team, overseeing the management and fortification of web-based applications both on-premises and in the cloud. In this capacity, the engineer is tasked with crafting resilient web application firewall (WAF), Bot Mitigation/Defense, and DDoS mitigation configurations, ensuring robust defense against threats and vulnerabilities while preserving seamless business operations and customer experiences. As the primary authority and subject matter expert on Web Application Firewall (WAF), Bot Mitigation (BotM), and DDoS Mitigation platforms, the Application Security Engineer will assess and devise cybersecurity architectures and designs that strike a balance between implementing robust security controls and fulfilling the functional requirements of the business. This includes defining and cultivating security requirements through meticulous risk assessments, comprehensive threat modeling, rigorous testing, and insightful analysis of existing systems. The engineer will lead web application security functions, spearheading strategic initiatives to proactively tackle external, internal, and emerging application security risks across the organization.

Responsibilities also include setting up new sites and applications for WAF/BotM safeguarding, conducting thorough traffic analysis to eliminate false positives and optimize protection efficacy, and collaborating closely with engineering and architecture teams to assess the security readiness of both new and existing applications introduced into the environment. In addition, the Application Security Engineer will devise, test, and implement solutions and configurations with rule sets specifically crafted to safeguard against vulnerabilities and threats targeting both web-based and mobile applications.
They will lead compliance hardening governance across cloud and application landscapes, conducting meticulous checks on device configurations to ensure version compliance, and identifying and promptly mitigating weaknesses. The role also involves analyzing reports stemming from vulnerability scans, penetration tests, and web testing to pinpoint areas of exposure and enhance application security posture in collaboration with application developers. The engineer will develop, oversee, and ensure compliance with the Secure Software Development Lifecycle (sSDLC) processes, aligning with industry best practices, and collaborate closely with cybersecurity and development teams to manage a comprehensive sSDLC process, integrating security testing functions (SAST, DAST, IAST, pen test) while balancing security and usability concerns. Furthermore, they will document and maintain policies, standard operating procedures, and OWASP best practices for application and host integrity, create and implement WAF/BotM rules and signatures to mitigate threats, and liaise with various teams to address organizational cybersecurity architecture and system security engineering requirements throughout their lifecycles.