Sr. Application Security Engineer

We are currently looking for an Application Security Engineer. This is ONSITE and an FTE position. Apply if interested.

Required Experience:

5

+ Years
Job Locations:

Carlsbad, CA | Fort Worth, TX

Location Restrictions:

Onsite

Basic Qualifications and

This position is responsible for ensuring that the Company’s technology and data are secure from malicious attacks that may breach or expose the Company’s IT systems, employee information, or intellectual property. This position performs security analyst tasks including detection and analysis of cyber security threats, support for forensic investigations, vulnerability scans and remediation, and would assist in managing and carrying our IT security projects and initiatives.

Responsibilities
  • Perform technical analysis of security logs to identify potential security threats before and after they occur and establish baseline security models
  • Perform regular vulnerability testing of systems, databases, and applications.
  • Work with IT Infrastructure team to ensure that new devices are properly monitored, registered and reporting to NOC/SOC.
  • Ability to monitor configuration, deployment, and integration of security technologies associated with web applications. This includes web application firewalls, dynamic and static analysis applications and services, and occasional code review.
  • Maintain Infosec procedures and report on deployed devices according to the standard build
  • Assist in monitoring the configuration, deployment, and integration of enterprise network technologies such as access control, routers, switches, load balancers, firewall, logging, and WIFI. Similar responsibilities for monitoring security tools such as IPS, SIEM, packet analysis, and WAF.
  • Maintain adequate compliance documentation presentable for external and internal audits
  • Must demonstrate strong communication skills by conveying necessary information accurately, listening effectively and asking questions where clarification is needed.
  • Strong analytical skills required, including a thorough understanding of how to interpret security needs and translate them into application and operational requirements.
  • Willing to adapt and learn to build high quality behavioral detection signatures at a steady pace
  • Analyzes problems involving multiple interrelated causes. Where necessary, gathers information and applies complex concepts or methods to generate an effective solution.
  • Ability to establish and maintain effective work relationships with all levels of personnel both internally and externally for the purposes of analyzing and following up on security incidents; e.g. leadership, executives, clients, vendors, and agencies.
  • Strong verbal and written communications skills
  • Must be able to maintain confidentiality.
  • Must be able to demonstrate and promote a positive team -oriented environment.
  • Must be able to stay focused and concentrate under normal or heavy distractions.
  • Must be able to work well under pressure or stressful conditions and meet required project deadlines.
  • Must possess the ability to manage conflict and/or direct change, delays, or unexpected events appropriately.
  • Must be available to work outside of normal working hours or on-call within rotation or as needed.
  • Demonstrates reliability.
  • In-depth knowledge and expertise in one or more security disciplines with emphasis on Vulnerability Management and Threat Monitoring.
  • Strong understanding of web application security including eCommerce.
  • Experience in the apparel and retail industry is a plus.
  • Knowledge of Firewalls, IP tables, Syslog, Windows Event Logs, IDS/IPS, Web Security, Endpoint Protection, Forensic Investigation, etc.
  • Familiar with DevOps processes and programming languages (Java, HTML, etc.).
  • Knowledge of Security Information & Event Management systems (SIEMs) such as SecureWorks, ArcSight, or Splunk.

Required Skills and Experience

  • Bachelor’s degree in Computer Science or equivalent work experience.
  • Minimum of 5 years of IT security experience. InfoSec experience across a combination of Antivirus, IDS/IPS, Firewall, SIEM, FIM, Database monitoring technologies.
  • Information security experience in a software development environment.
  • Previous experience working in a highly regulated industry that collects consumer data, including personally identifiable information (PII).
  • Experience developing security policies for cloud-based infrastructure (i.e. Azure, AWS, etc).
  • Experience with Incident Response (IR), forensic, and “hunting” for security events.
  • Security certifications, such as Certified Ethical Hacker (CEH), AWS Certified Solutions, OSCP, CompTIA Security+, would be a plus.
  • CSSP,CCSP, CISSP, or similar certification recommended.

Interested in this position?
Fill out the form below!