SUMMARY: The Application Security Engineer will work as a part of a larger team to design and develop secure custom software solutions that meet the needs of the business and those of our patrons. This role will be responsible for leading the implementation, engineering and management of security initiatives working with development and product teams to ensure the security of the product. We are looking for a critical thinker that can bring their own skills and toolkits to solve any problem they are confronted with. We would like someone who is fluent in web security fundamentals and also possesses development and scripting experience. Practical knowledge of network, system, and application security is a must.
ESSENTIAL DUTIES AND RESPONSIBILITIES will include the following:
- Manage and resolve various incidents identified by security tools or processes
- Develop and maintain an enterprise application security architecture
- Provide recommendations for hardening applications and environments
- Work with application architects to ensure security best practice are followed
- Help development teams build security into our platform by performing threat modeling, architecture reviews and code reviews
- Capable of conducting, or managing, various levels of application and network penetration testing using industry accepted frameworks
- Analyze threats and vulnerabilities to determine security impact
- Assess the security of core platform infrastructure
- Deep understanding of security principles including encryption, authentication, authorization, etc.
- Strong Project Management skills and demonstrated ability to work and lead cross-functional teams
- Strong verbal and written communication skills