Overview:

We are a leading AI-driven Global Supply Chain Solutions Software Product Company and one of Glassdoor’s “Best Places To Work”.

The Application Security Engineer's mission is to create an end-to-end security architecture based on Secure By Design principles. The engineer is responsible for performing and determining the technology that is implemented within the application security team, and provides strategic direction and subject matter expertise for wide adoption of DevSecOps automation tools, cryptography and manual source code reviews across open source.

Scope:

The role of the Application Security Senior Engineer is to work closely with information technology and development staff to help implement secure systems, tools, and processes.

As an engineer, you will be responsible for performing and determining the technology that is implemented within the application security team. This includes being an expert and mentor on all technologies used by the security staff, researching new security trends and improvements, getting new staff members up to speed on internal projects and new development, and providing direction and management of assigned projects.

Additionally, engineers will look for opportunities to collaborate with and educate other departments that are impacted by application security projects and processes.

What you’ll do:

- Implement a Secure SDLC: analyze and design secure architecture, design applications based on it, prepare secure coding guidelines across projects, and review and support project architecture and code on security aspects.
- Provide strategic direction and subject matter expertise for wide adoption of DevSecOps automation tools, cryptography and manual source code reviews on Java, JavaScript and REST APIs, using tools like Checkmarx, CodeQL, Fortify, Veracode, Snyk, Black Duck, Acunetix, AppScan, etc.
- Understand how to identify, exploit, and remediate the OWASP Top 10, SANS 25 software flaws, and other vulnerabilities through the use of tools and code review, and propose solutions for advanced development situations.
- Write tool-specific custom queries to improve scan results and eliminate false positives.
- Work with development teams to ensure false positives are verified and documented.
- Knowledge of threat modelling methodology and tools like Microsoft threat modeler.
- Experience in DevSecOps and CI/CD tools such as GitHub, GitLab, Jenkins, Nexus and Artifactory, including how to secure them.
- Good knowledge of cloud (Azure, AWS, GCP) and basic knowledge of cloud security posture management (CSPM).
- Good knowledge of FOSS/SCA and software supply chain security analysis, and basic knowledge of container security.
- Knowledge of container scanning tools like Checkov, Trivy, etc.
- Experience with Linux containers (Docker), Kubernetes, and deployment of containerized applications and microservices architectures.
- Work with teams to secure their services (i.e., API security).
- Train new department staff and developers in application security concepts.
- Identify gaps in application architecture, internal processes, and training to help guide the improvement of the department.
- Maintain a professional working relationship with other departments through clear communication and project-level collaboration.
- Threat modeling.

What we are looking for:

- 10+ years of secure development, penetration testing, and/or architecture experience.
- Expert knowledge of the SDLC.
- Experience with current web application technology and concepts, including containerization, development operations, and mobile technologies.
- Familiarity with dynamic and static testing tools and techniques.
- Familiarity with secure coding principles and application architecture.
- Comfortable with scripting and automation.
- Ability to work as part of a larger team to find solutions.
- Excellent communication skills.
- CSSLP, CISSP, GWAPT, OSCP, or similar certifications preferred.

Our Values

If you want to know the heart of a company, take a look at their values. Ours unite us. They are what drive our success – and the success of our customers. Does your heart beat like ours? Find out here: Core Values

Diversity, Inclusion, Value & Equality (DIVE) is our strategy for fostering an inclusive environment we can be proud of. Check out Blue Yonder's inaugural Diversity Report, which outlines our commitment to change, and our video celebrating the differences in all of us in the words of some of our associates from around the world.

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or protected veteran status.