Senior Application Security Engineer

Senior Engineer – Application Security

Salary: Open + Bonus

Location: Chicago, IL / Dallas, TX

Hybrid: 3 days onsite, 2 days remote

*We are unable to provide sponsorship for this role*

Qualifications

• Bachelor’s degree
• 3+ Years’ strong proficiency in network and application penetration testing.
• Strong proficiency with common penetration testing tools (Kali, Armitage, Metasploit, Cobalt Strike, Nmap, Qualys, Nessus, Burp Suite, Wireshark etc.).
• Strong experience with database security testing (MSSQL, DB2, MySQL, etc.).
• Experience testing in commercial cloud environments (AWS, Azure, GCP, IaaS/PaaS/SaaS).
• 5+ Years’ experience in Information Assurance or Information Security environment.
• Strong experience with custom scripting (python, C++, PowerShell, bash, etc.) and process automation.
• Experience writing scripts and working with containers in a CI/CD pipeline
• Experience with CI/CD pipelines and software development/coding: Docker, Jenkins, GitHub, SVN, Terraform, and others.
• Ability to understand and modify code in a diverse range of programming languages and frameworks.
• Familiarity with application frameworks and their built-in security services and API’s (i.e., Sun J2EE, MS .NET, OMG CORBA, Spring, etc.)
• Good understanding of regulatory standards including CSF, NIST, PCI, SSAE 16, SAS 70, HIPPA, FIPS 199, COBIT 5 and others as needed.

Responsibilities

• Application Security Testing
• Perform retests of vulnerabilities to verify previous findings have been remediated.
• Review reports of the testing and conduct security risk assessments of the vulnerabilities.
• The use and maintenance of cloud and self-managed security scanning tools, manual source code reviews, and manual penetration assessments.
• Conduct code scans using automated tools and risk rate the vulnerabilities according to the organization risk profile and mitigating controls.
• Conduct IT/Security code review meetings to eliminate false positives and encourage collaboration between Security and IT development teams.
• Assist with application security vulnerability management including implementation of new vulnerability management tools.
• Setup Command & Control C2 Infrastructure.
• Understand vulnerabilities and develop relevant payloads for use during pen testing activities.