Sr. Application Engineer, Cyber Security

Position Summary:

The Sr. Application Engineer, Cyber Security is responsible for building, managing and supporting information security that underpins all internal and external user technology services, according to security policies and best practices. 

The Sr. Application Engineer, Cyber Security has a strong development experience in numerous programming languages and is the subject matter expert (SME) for concepts behind security controls and how they apply to application development, web presence and API services. This individual is accountable for identifying weaknesses in our security posture within the application or web space while defining methods to achieve security control requirements via automation or highly efficient means that further support timely delivery with minimal overhead. They work across internal and external teams of infrastructure specialists and software engineers making sure services are delivered and used securely as required, offering advice and guidance on security decisions and ensuring the effective use of common tools and patterns.  

The incumbent must have a service-oriented mentality, a high sense of ownership of the problems and requests assigned, a focus on managing and resolving issues in alignment with the SLAs, establishing and maintaining communication with technology customers to keep them updated with status of their requests, initiating and performing changes on production systems and proactively escalating any issues that cannot be resolved within the established timeframes.

Additional insights, experience or background in any of the following are also of great value: NIST, ISO27001, Data Protection, Java Development, Static Code Analysis, Dynamic Code Analysis, Penetration Testing, Containers, MicroServices, CI/CD Pipeline, Agile, Git, Jira, Docker, Kubernetes, cloud security (AWS, Azure, GCP) and design, process maturity, and other related focuses

Primary Accountabilities

Technical (80%)

• Be the primary security expert for multiple product lines and act as the point of contact for engineering and security.

• Perform architecture reviews to steer projects in the right direction, participate in security code reviews, and automate penetration testing against products prior to move to production.

• Support engineering with implementing security fixes, ensuring security scanners are utilized correctly, and develop strategies to proactively secure their architecture.

• Review development frameworks for security functionality, consistency, and uplift opportunities.

• Create threat models and leverage them to prioritize time based on risk impact.

• Evaluate client needs, coordinate design for a solution, and clearly communicate the value proposition of complex and highly technical subjects.

• Implement and/or assess existing security controls.

• Translate logical designs into physical designs; produce detailed designs and document all work using required standards, methods and tools, including prototyping tools where appropriate. 

• Designs systems characterized by managed levels of risk, manageable business and technical complexity and meaningful impact; works with well-understood technology and identifies appropriate patterns.

Project Management (20%)

• Work with application development teams to ensure secure software development lifecycle (S-SDLC) implementation and validation.

• Educate and train product teams.

• Evaluate client needs, coordinate design for a solution, and clearly communicate the value proposition of complex and highly technical cyber security subjects.

Required Qualifications: 

• Bachelor of Science Degree in Computer Science, or a Bachelor of Arts Degree in a related technical field,

• 10+ years of related work experience in security engineering

• Or any equivalent combination of experience and training/certification that provides the required knowledge, skills, and abilities needed to complete the major responsibilities/essential functions of the position

• Certifications preferred.  OSCP, CISSP, GCIH, GXPN, GPEN

• Strong experience in web and mobile application security 

• Strong experience in distributed platform development security and design

• In-depth knowledge of web and mobile security standards and best practices (OWASP, etc.)

• Strong foundation in core information security principles and concepts (HTTPS, TLS, OAuth, etc.)

• Experience with industry tools and technologies such as Burp, Metasploit, etc.

• Strong knowledge of common languages such as Python, GO, Javascript, Java, etc.

• Solid understanding of  public cloud security deployment and implementation issues (AWS, Azure, GCP)

• Understanding of  audits and standards requirements such ISO 27001, PCI DSS, SOC 1 & 2, etc.

• Proven expertise in enterprise-grade and web scale security solutions

Specific Technical Skills Needed: 

Security and Risk Assessment

• Aware of Security governance principles and able to apply them to the enterprise

• Understands the legal and regulatory Issues relevant to the enterprise and does not place the enterprise at risk.

Security Engineering

• Solid working knowledge of secure design principles

• Solid working knowledge of database security

• Solid working knowledge of cloud computing

• Solid working knowledge of Cryptography

Identity and Access Management

• Physical and logical access

• LDAP

• Multi-factor authentication

• Session management

• Credential management

Software Development Security

• Solid working knowledge of software development lifecycles

• Solid working knowledge of what software development methodologies are used in the enterprise and can explain what it means

• Familiar with DevOps concepts

• Solid working knowledge of security vulnerabilities and understands how the following work: Bounds checking, Input/output validation, Buffer overflow, Privilege escalation

• Solid working knowledge of secure coding practices

• Solid working knowledge of code repositories

Individual Competencies:

• Integrity: Gains the trust of others by taking responsibility for your own actions and telling the truth.

• Teamwork: Builds relationships and works cooperatively with others, inside and outside the organization, to accomplish objectives to build and maintain mutually-beneficial partnerships, leverage information and achieve results.

• Adaptable: Responds to change with a willingness to learn new ways to accomplish work objectives with a positive attitude.

• Innovative: Ability to develop, sponsor, or support the introduction of new and improved methods, products, procedures or technologies.

• Curious: A desire to inquire and learn, to seek new knowledge and wisdom, and to listen to the contributions of others with a genuine interest to better self, the team, and the organization.

• Analytical and Critical Thinking:  Ability to tackle a problem by using a logical, systematic, sequential approach.

• Problem Solving: Gathers and analyzes information to generate and evaluate potential solutions to problems, issues and challenges while weighing the accuracy and relevance of the facts, data and information.

The physical demands described here are representative of those that must be met by an associate to successfully perform the major job responsibilities (essential functions) of this job.  Reasonable accommodations may be made to enable individuals with disabilities to perform the major job responsibilities. This job description is not intended to be an exhaustive list of all duties, responsibilities, or qualifications associated with the job.

As an Inmar Associate, you:

• Put clients first and consistently display a positive attitude and behaviors that demonstrate an awareness and willingness to listen and respond to clients in order to meet their short-term and long-term needs, requirements and exceed their expectations. 

• Treat clients and teammates with courtesy, consideration and tact; you also have the ability to perceive the needs of internal and external clients and communicate effectively with the objective of delighting and retaining the client. 

• Build collaborative relationships and work cooperatively with others, inside and outside the organization, to accomplish objectives, develop and maintain mutually-beneficial partnerships, leverage information to achieve results. 

• Set and attain achievable, yet aggressive, goals with a sense of urgency and accountability. 

• Understand that results are important and focus on turning mission into action to achieve results following the principles of Flawless Execution while consistently complying with quality, service and productivity standards to meet deadlines and exceed expectations by giving our clients the best possible outcome.

We are an Equal Opportunity Employer, including disability/vets.