Application Security Engineer

$140,000 - $150,000/Yr

Bridgeview IT - Denver, CO

posted 4 months ago

Full-time - Mid Level
Denver, CO
Professional, Scientific, and Technical Services

About the position

The Application Security Engineer plays a crucial role within the cybersecurity team, overseeing the management and fortification of web-based applications both on-premises and in the cloud. In this capacity, this role is tasked with crafting resilient web application firewall (WAF), Bot Mitigation/Defense, and DDoS mitigation configurations, ensuring robust defense against threats and vulnerabilities while preserving seamless business operations and customer experiences. As the primary authority and subject matter expert on Web Application Firewall (WAF), Bot Mitigation (BotM), and DDoS Mitigation platforms, the Application Security Engineer will assess and devise cybersecurity architectures and designs that strike a balance between implementing robust security controls and fulfilling the functional requirements of the business. This includes defining and cultivating security requirements through meticulous risk assessments, comprehensive threat modeling, rigorous testing, and insightful analysis of existing systems.

The engineer will lead web application security functions, spearheading strategic initiatives to proactively tackle external, internal, and emerging application security risks across the organization. Responsibilities also include setting up new sites and applications for WAF/BotM safeguarding, conducting thorough traffic analysis to eliminate false positives and optimize protection efficacy, and collaborating closely with engineering and architecture teams to assess the security readiness of both new and existing applications introduced into the environment. In addition, the Application Security Engineer will devise, test, and implement solutions and configurations with rule sets specifically crafted to safeguard against vulnerabilities and threats targeting both web-based and mobile applications.

They will lead compliance hardening governance across cloud and application landscapes, conducting meticulous checks on device configurations to ensure version compliance, and identifying and promptly mitigating weaknesses. The role also involves analyzing reports stemming from vulnerability scans, penetration tests, and web testing to pinpoint areas of exposure and enhance application security posture in collaboration with application developers. The engineer will develop, oversee, and ensure compliance with the Secure Software Development Lifecycle (sSDLC) processes, aligning with industry best practices, and collaborate closely with cybersecurity and development teams to manage a comprehensive sSDLC process, integrating security testing functions (SAST, DAST, IAST, pen test) while balancing security and usability concerns. Furthermore, they will document and maintain policies, standard operating procedures, and OWASP best practices for application and host integrity, create and implement WAF/BotM rules and signatures to mitigate threats, and liaise with various teams to address organizational cybersecurity architecture and system security engineering requirements throughout their lifecycles.

Responsibilities

  • Serve as the primary authority and subject matter expert on Web Application Firewall (WAF), Bot Mitigation (BotM), and DDoS Mitigation platforms.
  • Assess and devise cybersecurity architectures and designs that balance robust security controls with functional business requirements.
  • Define and cultivate security requirements through risk assessments, threat modeling, testing, and analysis of existing systems.
  • Lead web application security functions and strategic initiatives to tackle application security risks.
  • Set up new sites and applications for WAF/BotM safeguarding and conduct traffic analysis to optimize protection efficacy.
  • Collaborate with engineering and architecture teams to assess the security readiness of applications.
  • Devise, test, and implement solutions and configurations to safeguard against vulnerabilities and threats.
  • Lead compliance hardening governance across cloud and application landscapes.
  • Analyze reports from vulnerability scans and penetration tests to enhance application security posture.
  • Develop and ensure compliance with the Secure Software Development Lifecycle (sSDLC) processes.
  • Collaborate with cybersecurity and development teams to manage the sSDLC process, integrating security testing functions.
  • Document and maintain policies, standard operating procedures, and OWASP best practices.
  • Create and implement WAF/BotM rules and signatures to mitigate threats.
  • Liaise with various teams to address cybersecurity architecture and system security engineering requirements.

Requirements

  • Bachelor's degree in Business, Finance, Computer Science, Engineering, IT, or related field.
  • 7+ years of enterprise security or application security experience.
  • 7+ years of deploying, configuring, and managing Web Application Firewall (WAF) platforms.
  • 5+ years of deploying, configuring, and managing Bot Mitigation (BotM) platforms.
  • 5+ years of deploying, configuring, and managing DDoS Mitigation platforms.
  • 2+ years of hands-on experience in a cloud-native environment (Azure, AWS, or GCP).
  • Hold an active cybersecurity certification (CSSLP, CISSP, CISA, etc.).
  • Familiarity with tools like Fastly, Akamai, Radware, F5, or HumanSecurity preferred.
  • Experience installing, configuring, and supporting Web Application Firewalls (WAFs) in complex enterprise environments.
  • Proficiency in Web Application Firewall (WAF) configuration, policy management, and related tools.
  • Strong understanding of applications, databases, web services, authentication, and middleware servers.
  • Knowledgeable about mobile application and device security (iOS, Android).
  • Familiarity with security concepts and tools such as SAST, DAST, IAST, and Web Application Penetration Testing.
  • Understanding of OWASP Top Ten, threats, vulnerabilities, and tactics used to compromise applications.
  • Experience in secure CI/CD pipeline design, architecture, automation, and secure code gating.

Nice-to-haves

  • Familiarity with regulatory requirements and laws such as SOX, PCI-DSS, HIPAA, GDPR, etc.
  • Knowledge of industry compliance standards and frameworks such as HIPAA, NIST, ISO, ITIL, etc.
  • Proficiency in one or more scripting languages (e.g., Python, PowerShell, JavaScript, Bash).

Benefits

  • Medical, Dental & Vision
  • 401(k)
© 2024 Teal Labs, Inc