Job Description:
Company Overview:

Creating value by bringing together the right people to achieve results is our motto. Our clients and employees say they choose to work with us because of how we work with them - with service that exceeds their expectations and a personal commitment to their success.

Our client, the largest privately held insurance company domiciled in California, seeks an accomplished Information Security Engineer.


* Candidate must be authorized to work in USA without requiring sponsorship *

Description:
The Application Security Engineer will determine application security requirements; plan and evaluate security controls; prepare security standards, policies, and procedures; and mentor team members in adopting and writing secure code.
The candidate will work with cross-functional teams to analyze application security risks, adopt OWASP, use static and dynamic analysis tools, fuzzing, and application penetration tests to identify weaknesses in applications, and provide solutions to remediate risks.
The Application Development security engineer will be in charge of applying expert-level security practices for the IT Business Technology Services’ development and integration of applications and web environment programs.
This professional will drive agile security projects to be included in the developers' and program managers’ sprints and user story objectives, and ensure the implementation of a secure SDLC.
Work with enterprise software architects and developers to implement security practices in the enterprise SDLC.
Conduct security-focused code review, threat modeling and application penetration assessments by applying knowledge of security technical controls and hacking techniques.
Track security design requirements from design and system configuration to deployment, including code quality, cryptography, hash functions, and key handling.
Work with development and QA teams to ensure the use of secure coding practices, change management, and verification methods.
Participate in the creation, maintenance and enforcement of enterprise security documents (policies, standards, baselines, guidelines, processes and procedures).
Provide risk reports and remediation recommendations, and assist with the remediation activities where applicable.
Translate technical security concepts to business-oriented audiences and interact with technical managers and development teams to articulate requirements and processes.

Requirements:
Is experienced in working with a variety of information security standards, governance, risk, and compliance methods including PCI, ISO 27001/27002 or NIST 800-53 standards.
Has experience or knowledge of both cloud and on-prem security models and experience working in heavily SaaS-based application integrations.
Has experience utilizing static analysis tools such as Veracode, HP Fortify or WhiteHat in code review in one or more of the following languages: C#, ASP.NET, WCF, and Java.
Has experience with IIS, Apache web server and one or more of the following database environments: MS SQL Server 2008/10/14/16.
Has familiarity with APIs - web services (RESTful and SOAP), SOA, and utilizations of LDAP, SSO, SAML and Active Directory.
Has experience with Jenkins or other release management (and DevOps) utilities.
Has working knowledge of the administration of Windows and Red Hat Linux or other Linux distributions.

Preferred:
Possesses a bachelor’s degree in Information Assurance, Computer Science, Computer Information Systems or a related field.
3+ years of experience in security management with expertise in applying secure software development methods within system development lifecycle efforts.
SANS GIAC certification, CISSP or related information security certifications.



I'd love to talk to you if you think this position is right up your alley.

If you're looking for rewarding employment and a company that puts its employees first, we'd like to work with you. We're driven, people driven.


NOTE: Candidates who are offered a position are required to pass pre-employment drug and background screening. Qualified candidates with criminal histories are considered in a manner that is consistent with local, state and federal laws.
             
