Application Security Engineer II (Remote)
United States of America
Full Time
2 days ago
$89,000 - $130,000 USD
H1B Sponsor Likely
Key skills
GraphQLAzureScrumCommunicationOWASPPenetration TestingWAF
About this role
American Specialty Health is seeking an Application Security Engineer II to join their Information Security department. The primary purpose of this position is to protect and defend the information security posture and information assets from cyber security threats while maintaining strong regulatory compliance and reducing cyber risks to the organization.
Responsibilities:
- Performs day-to-day information security functions
- Assist with documentation of improvements (including automation) of information security solutions in concert with DevSecOps activities
- Deploy and/or serve as product owner for at least one of the products within the app security stack
- Assist with administration of security-related systems including but not limited to: Security and compliance testing software, web application firewalls, open source software, attack simulation, and vulnerability management
- Assist with coordination of security issue and remediation efforts between different ASH scrum teams
- Act as point of contact for ASH scrum teams to inquire about vulnerabilities and options for remediation
- Maintains updated documentation of technical controls, processes and procedures
- Participates in incident response, security testing, penetration testing and red teaming roles
- Researches and communicates the latest trends in information security and threat environments
- Availability for after hours work and occasional travel required
- Performs other duties as assigned
- Complies with all policies and standards
Requirements:
- Bachelor's Degree in IT related field or relevant work experience. If equivalent experience, high school diploma required
- 5 years in software development with security focus, systems/software security testing, and/or security administration required
- Ability to program/script automations across languages and platforms, including consumption and processing of common API results. (High proficiency)
- Ability to provide security guidance and implementation steps to software development teams with little oversight from a security supervisor. (Medium proficiency)
- Experience implementing security technologies and solutions within the application security suite of products. (Medium proficiency)
- In depth knowledge of web application vulnerabilities, OWASP recommendations, and mitigation strategies. (High proficiency)
- Understanding of network and Software Architectures and design. (Medium proficiency)
- Knowledge of proxies such as Burpsuite, or zap for manual validation of application security findings. (High proficiency)
- Experience with end to end of application testing including API, logic flows, database, graphql, windows networks and resources, linux applications, and azure cloud. (High proficiency)
- Knowledge of Static Code analysis tools and their limitations, pipeline integrations, actions. (High proficiency)
- Familiar with WAF technology setups and common limitations. Runtime Protection concept and implementation. (Medium proficiency)
- Demonstrated ability to interact in a positive, respectful manner and establish and maintain cooperative working relationships
- Ability to display excellent customer service to meet the needs and expectations of both internal and external customers
- Excellent listening and interpersonal communication skills to identify critical core competencies based on success factors and organizational environment
- Ability to effectively organize, prioritize, multi-task and manage time
- Demonstrated accuracy and productivity in a changing environment with constant interruptions
- Demonstrated ability to analyze information, problems, issues, situations, and procedures to develop effective solutions
- Ability to exercise strict confidentiality in all matters
- Ability to see, speak, and hear other personnel and/or objects. Ability to communicate both in verbal and written form. Ability to travel within and around the facility or Work from Home (WFH) environment. Capable of using a telephone, computer keyboard, and mouse. Ability to lift up to 10 lbs