Application Security Engineer

Description

SUMMARY: The Application Security Engineer will work as part of a larger team to design and develop secure custom software solutions that meet the needs of the business and those of our patrons. This role will be responsible for leading the implementation, engineering and management of security initiatives, working with development and product teams to ensure the security of the product. We are looking for a critical thinker who can bring their own skills and toolkits to solve any problem they are confronted with. We would like someone who is fluent in web security fundamentals and also possesses development and scripting experience. Practical knowledge of network, system, and application security is a must.

ESSENTIAL DUTIES AND RESPONSIBILITIES will include the following:

  • Manage and resolve various incidents identified by security tools or processes
  • Develop and maintain an enterprise application security architecture
  • Provide recommendations for hardening applications and environments
  • Work with application architects to ensure security best practices are followed
  • Help development teams build security into our platform by performing threat modeling, architecture reviews and code reviews
  • Capable of conducting, or managing, various levels of application and network penetration testing using industry-accepted frameworks
  • Analyze threats and vulnerabilities to determine security impact
  • Assess the security of core platform infrastructure
  • Deep understanding of security principles including encryption, authentication, authorization, etc.
  • Strong Project Management skills and demonstrated ability to work and lead cross-functional teams
  • Strong verbal and written communication skills

Qualifications

Minimum Education Level: Bachelor's

Requirements

  • 4-year degree in IT/IS or other closely related discipline; may consider experience and certifications for degree requirement.
  • 5+ years of experience in a software engineering area (development, QA, system architecture, etc.) with 2 years in a security subject area (application security, penetration testing, risk/compliance, etc.)
  • Ability to work on multiple projects concurrently
  • In-depth experience identifying and protecting against web application and web service security vulnerabilities including those found in the OWASP Top 10 and CWE Top 25
  • Experience using web logs to identify threats
  • Experience with the following technologies: Java, Java Spring, Spring Boot, Spring Data (JPA), Spring MVC, MySQL, WAF/CDN Akamai preferred, Cloud Platform AWS preferred
  • Familiarity with security in DevOps environments
  • Ability to obtain racing and/or gaming licenses as required in any jurisdictions where CDI operates. The gaming industry is highly regulated and as such demands extensive background checks in order to obtain a license.

Recommendations

  • Current certification in any of the following:
    • CISSP – Certified Information Systems Security Professional
    • CASE – Certified Application Security Engineer
    • CASS – Certified Application Security Specialist
    • CSSLP – Certified Secure Software Lifecycle Professional
    • CISA – Certified Information Systems Auditor
  • Recent experience working in an Agile Scrum environment

Qualifications

Education

Preferred

Bachelor's or better in Information Technology or related field.

Experience

Required

5 years: Application development or cybersecurity

Licenses & Certifications

Preferred

CISA

Posted: February 28, 2021