Security Application Engineer

  • Adventist Health System
  • Altamonte Springs, FL, USA
  • Apr 30, 2019
Security | Security Analyst

Job Description



Security Application Engineer

AdventHealth Information Technology

Location Address: Inspiration Avenue, Altamonte Springs FL

Top Reasons To Work At AdventHealth Corporate

•         Great benefits

•         Immediate Health Insurance Coverage

•         Career growth and advancement potential

•         Award-winning IT Department

Work Hours/Shift:

Full-Time, Monday - Friday

You Will Be Responsible For:

•         Analyze source code of applications written in common programming languages (Java, .NET, PHP, NodeJS, Python, etc.) with a focus on secure coding practices and principles.

•         Work with product owners to build Application Threat Models with the intent to identify, communicate, and understand threats and mitigations.

•         Leverage commercial and open-source toolsets to perform static and dynamic analysis on internally and externally developed applications, and effectively communicate findings to development teams.

•         Perform on-going security testing and code review to improve software security.

•         Assist with engineering designs for new software solutions to help mitigate security vulnerabilities.

•         Work in tandem with internal and external developers to establish secure software development life cycle procedures.

•         Establish and participate in secure coding review practices amongst developers.

•         Write reports and deliver presentations that explain the findings of research and software evaluations.

•         Support the maintenance of technical documentation.

•         Assist with developing and providing training in secure coding practices.

•         Develop a familiarity with new tools and best practices and assist with the integration of these toolsets with the enterprise.

•         Stay up to date on application security vulnerabilities and mitigation techniques to provide awareness to the developers and Application Security teams.

Qualifications

KNOWLEDGE AND SKILLS REQUIRED:

•         Detailed technical knowledge of techniques, standards and state-of-the-art capabilities surrounding authorization, applied cryptography, security vulnerabilities and remediation.

•         Demonstrated understanding of Application Threat Modeling methodologies (e.g., STRIDE, FAIR, and OCTAVE)

•         Software development experience in one of the following core languages: Java, .NET, PHP, JavaScript, Python.

•         Adequate knowledge of web related technologies (web applications, web services, and service-oriented architectures) and of network/web related protocols.

•         Interest in all aspects of security research and development.

•         Able to contribute in a team environment with other team members with varying skills, experience, and locations.

•         Able to communicate technical decisions and recommendations effectively with technical and non-technical audiences through verbal and written communications that lead to actionable and measurable improvements.

•         Excellent analytical and multitasking skills.

•         Basic concepts of common security frameworks (e.g., ISO, NIST, HITRUST).

•         Basic concepts of varying industry data standards (e.g., PCI, HIPAA).

•         Have a strong understanding of OWASP Top 10 and similar frameworks.

•         Experience with Agile (e.g., SCRUM, Kanban) software development models.

•         Be self-motivated and capable of self-learning to maintain a working knowledge of the ever-changing software development landscape as well as security trends in the industry.

KNOWLEDGE AND SKILLS PREFERRED:

•         Proficient with Micro Focus Fortify and WebInspect platforms (or similar enterprise static and dynamic analysis tooling)

•         Proficient with Microsoft Threat Modeling Tool (or similar threat model tooling)

•         Ability to articulate and express both verbal and non-verbal correspondence. 

•         Ability to translate control framework (e.g. HITRUST, PCI) requirements into understandable and actionable tasks.

EDUCATION AND EXPERIENCE REQUIRED:

•         Bachelor's degree from an accredited university in either Computer Science or Information Security/Assurance, or related field.

•         Six (6) or more years of global work experience in Computer Science, Information Security and/or Software Engineering, in a diverse workforce environment, promoting security awareness.

•         A minimum of 3 years of professional experience as an application security engineer.

EDUCATION AND EXPERIENCE PREFERRED:

•         Ten (10) or more years of global work experience in Computer Science, Information Security and/or Software Engineering, in a diverse workforce environment, promoting security awareness.

LICENSURE, CERTIFICATION OR REGISTRATION REQUIRED:

•         Security certifications (e.g., CISSP, CISM, CSSLP, GIAC-GWEB, CEH, Security+), or similar certifications.

Summary:

The Application Security Engineer will work as a member of the Application Security Team located in Enterprise Information Security. In this role, the Application Security Engineer will analyze source code of applications written in common programming languages (Java, .NET, PHP, NodeJS, Python, etc.) with a focus on secure coding practices and principles. Work directly with product owners to properly build and document Application Threat Models. Leverage commercial and open-source toolsets to perform static and dynamic analysis on internally and externally developed applications, and effectively communicate findings to development teams. Perform on-going security testing and code review to improve software security. Assist with engineering designs for new software solutions to help mitigate security vulnerabilities. Work in tandem with internal and external developers to establish secure software development life cycle procedures. Establish and participate in secure coding review practices amongst developers.

This facility is an equal opportunity employer and complies with federal, state and local anti-discrimination laws, regulations and ordinances.

Requisition ID

19002873