What are the responsibilities and job description for the AppSec Engineer - SME (100% Remote) position at Econosoft?
Job Description
The successful candidate will be a subject matter expert with hands-on experience in a wide range of cloud technologies, software development, application security and security architectures, security tools, and methodologies. As an AppSec Engineer, you will apply your experience and expertise to challenging technical problems. You will work in a security team, but also as a partner with product teams and consultatively provide your security experience.
Responsibilities:
This is a hands-on technical role that will provide the right candidate an exciting opportunity to leverage and grow technical, process and leadership skills in an exciting area of the company.
Develop approaches to address the implementation of software and OT security solutions
Consult with development teams on security requirements, use common components to meet them, and document a secure software development lifecycle
Be able to scope and participate in hardware and software penetration tests, vulnerability identification, and vulnerability risk assessment
Create and track meaningful metrics around product cyber risk and compensating controls
Create vulnerability and incident trend analysis to improve product design
Perform end-to-end application security reviews to ensure data, system components, and communication channels are appropriately protected
Maintain cyber service catalog and conduct proactive vulnerability monitoring and assessment on cyber components
Engage and administer End-of-Life processes for digital products
Engage in application and domain-specific threat modeling and attack surface analysis/reduction
Help prepare reports at appropriate levels of confidentiality for stakeholders to view
Provide guidance on automated testing tools and techniques
Maintain documentation of design patterns/recipes for common security requirements
Architect, design, implement, support, and evaluate security focused tools
Perform other security functions or tasks as directed.
Basic Qualifications:
Bachelor’s Degree in Computer Science or in “STEM” Majors (Science, Technology, Engineering and Math)
8 years’ experience in Information Technology
6 years’ experience in Cyber Security engineering and support
4 years’ experience in Software Security or OT/Product Security
Technical Expertise:
Experience with secure coding principles; code signing and secure boot
Experience with penetration testing and ethical hacking
Practical implementation and architectural experience in encryption techniques, including data at rest and in transit
Proficiency in creating dataflow diagrams, network diagrams, and other application related design documents
Proven experience in security code review and code analysis
Must be fully proficient in, and able to instruct others, on the OWASP Top 10
Knowledge of identity management and identity federation (SAML, OAuth, SCIM, XACML)
Knowledge of CI/CD and automation tools (Chef, Git, Jenkins)
Experience in securing cloud infrastructure such as AWS, Azure and the like (i.e., inspection, logging, WAF, VM)
Experience in deployment of cloud controls for infrastructure, platform, and applications (IaaS/SaaS/PaaS), specifically within AWS, Azure and GCP
Minimum of 5 years of experience with detection technologies (e.g. Snort, Suricata, Bro, netsniff)
Minimum of 4 years of experience with scripting languages (e.g. Ruby, Python, Perl, and PowerShell)
Minimum of 2 years of experience with cloud technologies (e.g. AWS, Azure, OpenStack)
Minimum of 1 year of experience with secure development life-cycles
Minimum of 1 year of experience with identity management and authentication (Oracle OIM, AD)
5-7 years of experience administering Unix-like operating systems (e.g. Linux, OSX)
5-7 years’ experience administering orchestration tools such as Puppet, SaltStack, Chef, or Ansible
Nice to have: familiarity with industrial control systems cyber security norms and standards (IEC62443, NERC-CIP, ANSSI, ISO 27k…)
Prior experience working within an Agile framework (Scrum/Kanban)
One or more Security Certifications or equivalent (CISSP, etc.)
One or more Platform Certifications or equivalent (RHCE, LFCE, etc.)
Familiarity with data analytics and machine learning principles and techniques
Knowledge of SIEM API integration techniques
Business Acumen:
Strong problem-solving abilities and capable of articulating specific technical topics or assignments
Experience in building scalable and highly available distributed systems
Expert in breaking down problems and estimating time for development tasks
Evangelizes how our technology solves customer problems from a technology and business perspective
Leadership:
Demonstrates clarity of thinking to work through limited information and vague problem definitions
Ability to solve very complex security issues that span legal, compliance and regulatory obligations across various lines of business and shared service areas of the company
Proactively identifies and removes project obstacles or barriers on behalf of the team
Shares knowledge, power, and credit, establishing trust, credibility, and goodwill
Personal Attributes:
Able to work under minimal supervision
Excellent communication skills and the ability to interface with senior leadership with confidence and clarity
Must have proven verbal communications and written documentation skills
Able to work well with global teams, including time-zone flexibility
Skilled in providing oversight and mentoring team members. Shows ability to effectively delegate work