Application Quality and Security Engineer

Consultant, Contract-to-Hire
Remote
Posted 2 months ago

6 Month: Contract/Contract-to-Hire

Fully Remote

Reporting to the Director of Security Engineering and working with other members of the security team and the project delivery, Operations, and IT teams, this role is responsible for the overall quality and security of applications and products.

Responsibilities include:

  • Ensure new projects are scoped, implemented and deployed in a secure manner;
  • Provide application security expertise to customer project delivery teams throughout the Software Development Lifecycle (SDLC);
  • Review static code analysis findings for exploitability and provide recommendations to developers for remediating findings;
  • Perform validation and testing on mobile and web applications to ensure products meet internal requirements and industry standards for software security;
  • Provide security and compliance subject matter expertise and consultation to internal Business Units and Customers;
  • Maintain, apply, and enhance security architecture, development, testing, operations, and compliance standards throughout the organization;
  • Coordinate with the IT, Operations, and Delivery teams to ensure adherence to strong SDLC tools and processes and training in secure coding and testing best practices;
  • Perform security/compliance internal audits on new projects;
  • Perform risk assessments on vendors, tools and processes;
  • Advise on strategy or new and existing compliance standards for company and customers;
  • Support and lead internal security operations functions, including security awareness, vulnerability management, and incident response;
  • Consult with IT and Delivery teams on forensic analysis of breaches and exploits;
  • Maintain, apply, and enhance a set of materials for internal and external use related to company’s security and compliance posture and on-going expertise;
  • Assist with creation of periodic blog posts and other market-facing content on topical security & compliance subjects;
  • Represent company with industry leaders, analysts and standards bodies in areas related to security and compliance;
  • Provide other security, compliance, and technical tasks as assigned by the Director of Security Engineering.

Desired Experience and Capabilities:

  • Programming experience in one or more languages (Python, JavaScript, Java, Obj C or Swift preferred)
  • Ability to understand, explain, and demonstrate various security vulnerabilities & risks including XSS, CSRF, Code Injection, MitM, Brute-force/Dictionary/Rainbow Table attacks
  • Knowledge of stack exploitation in C-based languages
  • Experience with Mobile (Android and iOS) application architecture
  • Experience with AWS technologies and recommended security best practices
  • Experience explaining technical and security concepts to both technical and non-technical resources in a consultative role
  • Excellent oral, written, and interpersonal communication skills
  • Knowledge of industry regulations such as GDPR and HIPAA, or other industry standards such as PCI DSS, ISO 27001, or OWASP
  • Experience delivering security training to security professionals, engineers, and non-engineers

Applicable Certifications Include:

  • CompTIA Security+
  • Certified Ethical Hacker (CEH)
  • Certified Information Systems Security Professional (CISSP)
  • AWS Certified Security – Specialty

Job Types: Full-time, Contract

Pay: Up to $90.00 per hour

Job Features

Job Category: Information Technology, Technology