Application Security Engineer Senior Job Opening in Minneapolis
is the industry leader in technology solutions that enable mergers, acquisitions, initial public offerings, restructuring and other critical capital transactions in more than 170 countries. We provide the world’s leading investment banks, private equity firms, law firms and corporations with tools to simplify, streamline and accelerate the due diligence process, helping them close more deals, faster. We are a global team of high-energy, passionate people. We have strong individual voices but we work as a team, bringing out the best in each other. We thrive under pressure and always keep the customer at the heart of everything we do.
The Application Security Engineer, Senior performs the role of subject matter expert on implementing and testing secure systems and architecture requirements, performing architecture security and design reviews, and recommending secure solutions to protect ’s application, infrastructure and information assets across the enterprise in a way that is consistent with information system security standards.
Essential Duties and Responsibilities
Develop security stories and requirements by analyzing feature stories/epics from backlogs.
Collaborate with Product Managers, Scrum Masters, and Application Architects to identify and inject security requirements into the Acceptance Criteria of epics/stories.
Conduct Threat Modelling on various components of application solutions.
Hands-on coding of various security use cases into developers' unit, integration, Capybara/Selenium, and API tests.
Advocate using IDE security plugins that scan code for security bugs on developers' machines.
Perform security testing via Static, Dynamic or Interactive tools and rule out false positives.
Review, analyze, and help re-test various pen testing items.
Collaborate with DevOps engineers and be hands-on in developing security features/controls/tests as infrastructure-as-code in the CI/CD pipeline.
Research and monitor emerging security technologies, understand current industry and technology trends and opportunities, and assess their impact on the business.
Collaborate and consult with cross functional IT teams and business partners to identify risks, develop technical standards, specifications, guidelines, and implement appropriate information security controls.
Provide appropriate security guidance and answer technical and procedural questions for less experienced team members; teach improved processes and mentor team members through knowledge transfer to design and implement appropriate safeguards.
PMO and Project Life Cycle (PLC) interface:
Collaborate with the PMO and Scrum Masters to ensure technical security architecture requirements are included in projects/stories.
Ensure that individual projects remain aligned with security strategies, architectural designs and standards through governance oversight and mentoring.
Ensure consistency of architectural and technical solutions across projects.
Ensure that internally developed and vendor applications comply with industry best practices for coding including coding standards, design & code walkthroughs and pre-production testing.
Enterprise Architecture (EA) interface:
Build relationships and maintain effective communications with the lead architects and development groups throughout the organization.
Ensure projects comply with security related Enterprise Architecture policy and standards.
Collaborate with IT leadership and architecture/development teams to establish standards, policies, and procedures.
Collaborate with IT leadership and other architects to ensure solution patterns, technologies and toolsets align with long-range strategic plans and budgets.
Collaborate with other architects to define and promote architecture processes, outcomes, and results to the organization, including IT and business leaders.
Bachelor's degree in Computer Science or related information technology field.
Security-related certification preferred: CISSP, CCSP, GSEC, SANS GIAC or equivalent.
Experience and Knowledge of ITIL, ISO, SDLC, SCRUM
Two years professional project management experience preferred
Passionate about Application Security
Minimum of 7 years of IT Security and/or Security Architecture experience
Bachelor's degree and CISSP, CCSP, GSEC, SANS GIAC or equivalent
System / OS hardening standards and methodologies
5+ years in Application Development with focus on security on Java, .Net, AngularJS, Spring Boot framework, MongoDB, SQL Server etc.
Knowledge of OWASP Top 10 and vulnerability management
Experience in cloud computing based services architecture, technical design, and implementations including IaaS, PaaS, and SaaS delivery models
Preferably experience with setting up Secure Cloud configurations (Azure, AWS etc.)