Salary
💰 $94,200 - $119,800 per year
Tech Stack
Amazon Redshift, AWS, Cloud, Django, Postgres, Python, SDLC
About the role
- Hands-on application security and compliance activities across the SDLC.
- Manage security-related tasks in the SDLC to ensure software development activities remain in compliance.
- Collaborate with software developers and code base leads; bridge between business requirements and security.
- Act as SME in security architecture including new designs and design review.
- Recommend application security improvements based on best practices, OWASP standards and other web application security frameworks.
- Review architecture and compliance-related code changes.
- Manage API security including vulnerability scans and best practices.
- Manage security components of the Mendix web development platform and Django; maintain scans and findings from SCA tools.
- Train and educate IS staff on security best practices including OWASP Top 10.
- Ensure compliance with policies and standards such as secure separation of environments.
- Manage and maintain all security-related tickets, including recommendations, testing and validation.
- Security Compliance (SOC 2 and NIST 800-53) implementation and maintenance.
- AWS security responsibilities: IAM policies, security groups, monitoring; Database security (RDS, Postgres, Redshift).
Requirements
- Minimum 3 years of hands-on application security experience, including secure SDLC integration, design review, best practices and vulnerability identification/remediation.
- Minimum 3 years hands-on experience securing web application frameworks and applications.
- Minimum 3 years of experience with security frameworks: NIST 800-53 / SOC 2