Application Security Engineer/Analyst II (010453)
Smart Solutions is searching for a direct-hire Application Security Engineer/Analyst who will help improve and maintain our partner’s application security program by providing experienced guidance on secure web development design and testing. The resource will partner with DevOps, Engineering, and Architecture teams to educate, evangelize, and validate secure development practices. The right person for this role will need experience with secure software development design principles and security testing.
Compensation and Benefits:
- Eligible for annual Performance Bonus Program
- 401(k) with dollar-per-dollar match up to 6% of salary
- Competitive paid time off
- Health and dental insurance start DAY 1
- Vision insurance
- Flexible spending, dependent care, and health savings accounts
- Short- and long-term disability, group life insurance
- Innovative professional and cognitive development programs
- Perform security activities, including security design reviews, threat modeling, and code auditing of internally and externally developed software
- Grow program influence of modern application security principles in an Agile methodology
- Govern automated secure coding tools and processes (SAST, DAST)
- Provide Application Security guidance and training to developers and testers for building resilient products
- Perform penetration testing against web applications and hosting infrastructure
- Create security reports regarding vulnerability metrics found in testing efforts
- Operate as an incident responder for triage of web-based vulnerabilities
- Oversee 3rd-party security assessments for web applications and infrastructure
- Leverage experience and understanding of application security standards, frameworks, attack methods, and mitigation best practices (e.g., OWASP, SANS, NIST)
- Build, manage, and enforce application security development policies, procedures, and standards
- U.S. citizenship is required for this position due to Department of Defense restrictions
- Bachelor’s degree in Information Technology, or related field OR equivalent post-high school education and/or work-related experience
- 1+ years of experience in Static Code Analysis and Software Vulnerability Assessment
- This role is regionally local to the Madison, WI area, to allow for face-to-face meetings in our Madison office.
- Our partner is open to considering applicants that would be 100% remote from an approved state.
- Related Security or Audit certifications:
  - Certified Ethical Hacker (CEH)
  - Offensive Security Certified Professional (OSCP)
  - Certified Associate in Software Testing (CAST)
  - Certified Information Systems Security Professional (CISSP)
- Knowledge of:
  - Static and dynamic code assessment tools
  - Web Application Firewall concepts
  - Fortify WebInspect
  - Tenable Security Center
  - OWASP Top 10 application vulnerabilities
  - Working with 3rd-party service vendors
  - HIPAA Privacy Rule
Would you like to learn more about this direct-hire role? If so, apply now, and one of our Senior Technical Recruiters will reach out today!
Smart Solutions, Inc. is an equal opportunity employer functioning under an Affirmative Action Plan.