Cornerstone Capital Bank is seeking an experienced Security Engineer who is passionate about safeguarding data and securing corporate ecosystems. The role involves providing application security in line with the IT strategy, managing projects, and guiding teams to ensure secure application design and implementation.
Responsibilities:
- Address legacy and emerging security issues and implement repeatable secure development practices to reduce the introduction of program design
- Engineer for application security efforts related to authentication, authorization, encryption, logging, and code testing/analysis
- Provide input and support for regulatory standards or control frameworks that govern Information Security practices such as NIST CSF, ISO, COBIT, PCI, and/or state and federal privacy laws
- Manage the life cycle of assigned projects from initiation through deployment and project closure
- Stay up to date on new security tools & techniques in the application security space
- Provide IT Application Security support and insight for various committees throughout the business
- Work with the product management and software engineering teams during all phases of the SDLC to ensure that applications are designed and implemented securely
- Guide developers and junior application security engineers on weaknesses to avoid
Requirements:
- 3+ years of experience in an IT Security Engineering role
- 5+ years of experience working in coding/development of Applications and Software
- Practical skills – knowledge of full software development life cycle
- Experience working in a Scaled Agile Framework (SAFe) environment
- Experience working in the Cloud, preferably Azure / Azure DevOps
- Application security associated with authentication, authorization, encryption, logging, and security testing
- Knowledge and integration of OWASP
- Ability to audit (not necessarily design) internal application architecture to provide insight/guidance on improvements to/confirmation of security controls
- Understanding, application, and usage of Web Application Firewalls (WAF)
- Related Certifications such as GIAC-GWEB, CSSLP, CASS, CEH, CISSP, CASE
- Threat modeling (would be desirable, but not a requirement)