Application Security Engineer

Remote: Full Remote

Offer summary

Qualifications:

  • Bachelor’s degree or college diploma in Computer Science, Cybersecurity, Engineering, Information Technology or related field.
  • At least 5+ years’ experience in cybersecurity, including compliance and risk management.
  • Proficiency in software development languages such as Java, Angular, C#, and Python.
  • Experience with application vulnerability and penetration testing, and familiarity with security frameworks like OWASP.

Key responsibilities:

  • Develop and implement secure software development standards across the product suite.
  • Coordinate application vulnerability assessments and external penetration testing.
  • Monitor and track software vulnerabilities, ensuring timely remediation and management of security exceptions.
  • Train developers on secure coding practices and actively participate in application security assessments.

4GL Solutions http://www.4glsol.com
11 - 50 Employees

Job description

                                                                                    

Application Security Engineer

C&R Software I Jonas Software

Job Summary

The application security engineer is responsible for validating that application services are designed and implemented with high security standards. The role analyzes the security of applications in tandem with their underlying services, including connected dependencies such as middle-tier systems and databases. Additionally, the application security engineer addresses legacy and emerging security issues and implements repeatable secure development practices to reduce the introduction of program design flaws that may lead to exploitation. As issues are uncovered, the application security engineer communicates with the appropriate technical and leadership teams to ensure a focus on risk mitigation – allowing for business continuity, but without negligent risk. Application security engineers are constantly assessing applications for weaknesses and finding resolutions before they can be abused.

This position is also responsible for assessing the security of applications for business-to-business initiatives, third-party relationships, and vendors. Considered a highly knowledgeable individual, the application security engineer is expected to recommend programmatic controls and monitor and manage secure development practices to address modern day issues.

Job Responsibilities

  • Develop secure software development standards and implementation across the product suite.

  • Work with development teams to ensure Software Composition Analysis (SCA), Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) scans are conducted on a defined cadence.

  • Coordinate external application penetration testing and application vulnerability assessments.

  • Ensure software vulnerabilities are tracked and remediated within appropriate timelines, and that security exceptions are managed.

  • Focus on automation to aid in efficiencies with both testing and remediation of findings.

  • Work in tandem with developers to provide repetitive validation testing prior to production while allowing for a continuous cycle of development followed by application security assessments.

  • Regularly monitor the security community for public-facing security issues, as well as to learn new tactics that can be used in testing.

  • Attend and participate in application projects and change management committees. This includes interacting with product and technical teams to understand what is coming and how their projects can be more secure from the beginning.

  • Use security standards and implementation configurations, as well as common security frameworks.

  • Align with architects and development teams for a mission of secure design.

  • Train developers on secure coding practices.

  • Actively participate and lead meetings that facilitate secure design.

  • Highly engage in information security projects that evaluate existing security infrastructure and propose changes as defined by security leadership, development managers and architects.

  • Focus on application security that observes compliance – PCI DSS, SOC2 SSAE18, ISO 27001 and global privacy laws.

  • Work in tandem with architecture, development, product and security team members.

  • Develop security test plans from architectural design. Identify deficiencies and make enhancements to ensure production is not impacted.

  • Perform other duties as assigned by the Chief Information Security Officer.

Job Qualifications

  • At least 5+ years’ experience in cybersecurity, including compliance and risk management with a system and network security engineering or development background.

  • Highly technical and analytical experience, with a proven deep background (preferred 5+ years in addition to cybersecurity) in application programming.

  • Experience in threat modeling applications.

  • Application vulnerability and penetration-testing skills are an asset.

  • Excellence in communicating business risk from cybersecurity issues.

  • Proficiency in software development (Java, Angular, C#, Spring, ASP.net, Python, etc.).

  • Solid understanding of network and web protocols.

  • Experience with SCA, SAST and DAST tools; knowledge of the Synopsys tools Coverity, Black Duck and Tinfoil is an asset.

  • Understanding of frameworks such as OWASP, BSIMM, SAMM, SABSA, O-ESA, etc.

  • Track record of acting with integrity, taking pride in work, seeking to excel, being curious and adaptable, and communicating effectively.

Additional Qualifications

  • Experience with applications hosted in Amazon Web Services (AWS) or Microsoft Azure.

  • Experience with cryptography controls and measures to secure applications and data. Proficiency with scripting in Python, JavaScript, PowerShell or Bash.

  • DevOps background in public and private clouds.

  • Experience with one or more of the following: ISO 27001, NIST CSF, PCI DSS, GDPR, CIS standards or SOC2.

  • Working knowledge of Windows, Linux and Unix.

  • Familiarity with privacy laws.


Education Requirements

  • Bachelor’s degree or college diploma in Computer science, Cybersecurity, Engineering, Information Technology or related field, or equivalent.


Experience Requirements

  • 5-7+ years of related experience required.


Certification Requirements

  • One of CISSP, CSSLP, CISM, OSCP, CEH, SANS GWAPT, etc.

                                                                                    
Business Unit: Jonas Collection and Recovery - Canada

Scheduled Weekly Hours: 37.5

Number of Openings Available: 1

Worker Type: Regular
                                                                               
More About Jonas Software:

Jonas Software is the leading provider of enterprise management software solutions to the Country and Golf Clubs, Foodservice, Construction, Fitness & Sports, Attractions, Salon & Spa, Education, Radiology/Laboratory Information Systems, and Product Licensing industries. Within these vertical markets, Jonas is made up of over 65 distinct brands, which are respected leaders within their own domains.

Jonas’ vision is to be the branded global leader across the aforementioned vertical markets and to be recognized by customers and respective industry stakeholders as the trusted provider of ‘Software for Life’ and as an ambassador for technology, product innovation, quality, and customer service.

Jonas Software is the valued technology partner of over 60,000 customers worldwide in more than 30 countries. Jonas employs over 2,000 skilled individuals consisting of a cross-section of industry experts and technology professionals. Jonas is headquartered in Canada and also operates offices throughout North America, the United Kingdom, Europe, Australia, New Zealand and Africa. Jonas is a 100% owned subsidiary of Constellation Software Inc., headquartered in Toronto and traded on the S&P/TSX 60.

                                                                          

Required profile


Spoken language(s): English

Other Skills

  • Adaptability
  • Communication
  • Teamwork
  • Analytical Thinking
  • Problem Solving
