APPLICATION SECURITY ENGINEER
Company: Target Labs, Inc
Location: Rockville
Posted on: November 1, 2024
Job Description:
The Application Security Engineer (ASE) is responsible for
promoting, designing, and evaluating application security in all
phases of the application life cycle. The ASE shall ensure that
appropriate and effective security techniques and solutions are
identified, implemented, and used.Essential Job Functions:
- Software Security Assessment: Evaluate applications for
appropriate and effective use of security controls using tools and
techniques such as source code analysis, vulnerability scanners,
and manual testing techniques.
- Application Security Control Development: Provide expert
guidance to developers on the appropriate selection and
implementation of relevant application security controls.
- Security Awareness Training: Design, develop and deliver
presentations focused on raising awareness for crucial security
relevant considerations and defensive programming techniques.
- Contract Security Provision Review: Work with business
stakeholders and legal services to evaluate service agreements with
Application Service Providers (ASPs), and provide expert guidance
related to security provisions necessary to help ensure the
necessary visibility and rights needed to protect our data and meet
our commitments.
- Other Job Functions: Participate in research of information
security technologies (in the areas of application and application
infrastructure components) and propose ideas for new security
service development. Participate in all aspects of security service
development projects including the following project phases:
business case development, requirements gathering, architecture
development, product/service selection and procurement, functional
& QA testing, detailed technical design, technology infrastructure
implementation and deployment, migration from existing services,
operational process and procedure documentation, operations staff
training, and internal marketing of security services. Advise and
consult internal clients on appropriate application of security
practices and existing security services to solve problems or
enable new business opportunities. Deliver previously developed
information security services in support of corporate needs
including: requirements gathering, technical design, service
deployment and integration, migration, operational transition, end
user documentation, user training. In support of various enterprise
IT initiatives, recommend, customize, implement, document, and
transition to operations reusable technical security service
components including application level intrusion detection systems,
authentication systems, authorization systems, audit trail
management systems, cryptographic systems, and others as defined by
management. Research and implement new security technologies to be
used as point solutions for IT initiatives unable to take advantage
of or needing greater functionality than reusable enterprise
security services. Recommend new security service development ideas
based on accumulated knowledge of project-specific security
requirements. Identify and implement improvements to application
security team processes and supporting software tools (Java and
C#/ASP based) to continually improve the team's effectiveness and
efficiency. Serve as subject matter expert on application and
information security technologies and methodologies. Perform other
duties and responsibilities as assigned.Essential
Education/Experience Requirements:
- Bachelor of Science in Computer Science, or equivalent
education or experience. Emphasis in software security a plus.
- At least three (3) years of professional experience,
including:
- Two (2) or more years in software engineering and development
with emphasis on the delivery of secure, Internet-exposed,
multi-tier, web-based systems using Java/J2EE and/or C#/ASP/.NET
(experience with both a plus).
- At least one (1) year of hands-on experience evaluating the
security of applications using both manual and automated
techniques. Relevant tool experience should include code security
scanners such as Fortify SCA, web vulnerability scanners such as HP
WebInspect or IBM Rational AppScan, assessment support tools such
as BurpSuite, Metasploit, Core Impact, etc.Strong written and
verbal communication skills. Specific relevant experience may
include technical reports (especially application security
assessment reports), technical whitepapers, presentation
development and delivery (for both technical and business
audiences), technical training, etc. Candidate should have
experience making and defending sound technical arguments that
incorporate relevant technical and business considerations, and
building consensus among stakeholders.Other Desirable
Experience:
- Security-related experience with the following:
- Providing software architecture security guidance, including
developing application threat models and methodically protecting
against business logic and design flaws that could introduce
security vulnerabilities.
- Web Application Firewalls such as Imperva SecureSphere and
Breach WebDefend.
- Design patterns and coding standards for secure software.
- Secure configuration and operation of Application Servers, Web
Servers, Directory Servers, Media/Content Servers, Messaging
Servers, Database Servers, and Integration Servers.
- Application authentication & authorization systems such as RSA
ClearTrust and Netegrity Siteminder.
- Application layer intrusion detection systems such as Sanctum
AppShield, or Kavado.
- Knowledge of PKI systems such as RSA Keon.
- Knowledge of cryptographic tool kits for application
development such as RSA BSAFE or others.
- Knowledge of and experience with built-in and add-on security
capabilities of common application infrastructure components such
as MS SQLServer, Oracle, MS IIS, iPlanet Directory, MS Active
Directory, MQSeries, MSMQ, MS Exchange.
- Knowledge of general application security API's and protocols
such as: MS CryptoAPI, Kerberos, SSL/TLS, SAML, S/MIME, and PKCS
API's.
- End-to-end, hands-on experience in security solutions for
complex enterprise architectures.
- Knowledge of cryptographic solutions for protection of data in
use, in transit and at rest, such as: Masking, SSL/TLS, IPSec,
format preserving encryption & sanitization, etc.
- Knowledge of security considerations related to virtualization
and cloud computing.
- Mobile Application Security on iOS and/or Android devices;
includes experience in secure development of applications and/or
analysis.Financial services industry (Insurance, Banking,
Investments) experience a plus.
#J-18808-Ljbffr
Keywords: Target Labs, Inc, Potomac , APPLICATION SECURITY ENGINEER, Engineering , Rockville, Maryland
Didn't find what you're looking for? Search again!
Loading more jobs...