Application Security Engineer Job Listing at Mission Fed in San Diego, CA (Job ID 4877)

Description

SUMMARY:  The application security engineer is responsible for validating that application services are designed and implemented with high-security standards. The role analyzes the security of applications in tandem with their underlying services, including connected dependencies such as middle-tier systems and databases. Additionally, the application security engineer supports continuous integration and continuous deployment (CI/CD) initiatives and is an integrated team member working with software developers, system engineers, data architects, and systems administrators to drive system efficiencies.

KEY RESPONSIBILITIES:

1. Build relationships with developers, engineers, scrum masters, and stakeholders to incorporate security principles into engineering design and deployments.
2. Work in tandem with developers to provide repetitive validation testing before production while allowing for a continuous cycle of development followed by application security assessments.
3. Perform vulnerability and penetration testing.
4. Simplify automation that applies security interworking's with CI/CD pipelines and build services and tools to enable developers and engineers to easily use security components in their workflows.
5. Fully define and follow a security review process to identify vulnerabilities in code through automated and manual assessments and promote quick remediation.
6. Conduct testing and validation in application security controls across cross-departmental projects.
7. Oversee implementation of defensive practices and countermeasures across infrastructure and applications.
8. Communicate vulnerability results in a manner understood by technical and non-technical business units based on risk tolerance and threat to the business and gain support through influential messaging.
9. Support the ability to shift left, incorporate security early on, and actively participate in application project meetings.
10. Participate in the company's change management program.
11. Research and learn new tactics, techniques, and procedures (TTPs) regularly in public and closed forums. Work with colleagues to assess risk and implement/validate controls as necessary through the CI/CD pipeline.
12. Enrich DevOps architecture with security standards and best practices.
13. Train developers and other team members on application security weaknesses to avoid.
14. Develop security test plans from architectural design. Identify deficiencies and make enhancements to ensure production is not negatively impacted.
15. Maintains in-depth knowledge of and complies with all Mission Fed, departmental and security policies and procedures, as well as, federal regulations applicable to the position, including BSA requirements. Completes all required compliance training as assigned.
16. Performs other duties as assigned.

QUALIFICATIONS:

Education: A bachelor's degree in a related discipline or industry-recognized information security certificates with relevant experience is required. Certifications from ISC2 (CSSLP, CCSP), SANS (GWAPT), EC-Council (CEH), OSCP, or Microsoft (AZ-500) will be considered.

Experience: A minimum of 2 years of experience with a bachelor's degree or a minimum of 5 years of relevant experience along with industry recognized certifications in lieu of bachelor's degree. The candidate should have highly technical experience, a DevOps background in public and private clouds, and working knowledge of OWASP, NIST CSF, CIS, frameworks, and threat modeling methodologies such as STRIDE.

COMPETENCIES:

Skills &Abilities:

• Highly technical and analytical experience, with a proven deep background in application programming.
• Proficiency in software development (Java, .NET, Python, C++, Ruby, etc.).
• Capable of scripting in Python, Bash, Perl, or PowerShell.
• Experience in threat modeling applications.
• Vulnerability and penetration-testing skills.
• Experience with agile workflows, including Scrum and Kanban.
• Experience with operation and security across Microsoft Azure or Amazon Web Services (AWS).
• Solid understanding of OWASP, CVSS, the MITRE ATT&CK framework and the software development lifecycle (SDLC).
• Experience with dynamic and static analysis tools.
• SQL database experience.
• Excellent verbal and technical written communication skills.
• Demonstrates solid organizational skills and the ability to multi-task and prioritize workload.
• Possesses high integrity and trustworthiness, and represents the company and its management team at the highest level of professionalism.
• Strong interpersonal and relationship-building skills are essential.
• Must be self-motivated and self-directed and be available to work a schedule involving after-hours and weekend work as needed.

WHAT WE OFFER: 

• Hybrid environment. Remote up to 2-3 days a week. (Some weeks may require more onsite days based on what's happening in the business)
• An opportunity to grow your career at San Diego's #2 employer!
• A chance to make a difference for the greater good at a hyper local company. We love SD!
• 18 days of PTO in your first year plus 12 holidays a year!
• 6% 401(k) match!
• Full benefits package including medical, dental, vision, life insurance, etc!

PHYSICAL DEMANDS/WORKING CONDITIONS:

• Constant sitting.
• Frequent repetitive use of the hand involving simple grasping.
• Occasional walking, standing, lifting, and carrying (0-10 lbs.).

**Critical features of this job are described under the headings above. They may be subject to change at any time due to reasonable accommodation or other reasons. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential job functions.**

We expect to pay between $117,000.00 - $140,000.00* for this opportunity.

*Actual base pay within this range will be determined by several components, including but not limited to, relevant experience, internal equity, skills, qualifications, and other job-related factors permitted by law.