Application Security Integration Engineer
- Buenos Aires, Argentina
We are looking for Application Security Integration Engineers based in Buenos Aires to work on a long-term project for one of our clients, a top global consulting firm from the US.
The person in this position will play a key role in securing all software built and provide support on static and dynamic application assessment. Will also play a key role in automating application assessment through software development life-cycle integration.
The engineer will work with application development teams as well as 3rd party organizations to ensure that security, privacy and compliance constraints are built into the applications.
The right individual for this role should exhibit the following: strong interpersonal skills, be highly motivated, results oriented, have excellent communication and presentation skills, and be a strong team player.
This engineer is responsible to assist developers to perform application assessment and connect them to secure coding SMEs on remediation advising.
- Support application security service onboarding, including life-cycle integrations such as Jenkins, VSTS/TFS and API
- Support development teams to perform application vulnerability assessments and document vulnerabilities which were found and provide recommendations for remediation according to company guidelines and industry best practices
- Support Integration of static and/or dynamic code analysis tools into SDLC
- Provide guidance to application groups on application security best practices
- Support application security assessment result review and mitigation approval
- Support remediation effort and track open issues and follow up to ensure remediation
- Passion for application security
- 5+ years of experience in application security or application development
- Bachelor's degree in Computer Science or Engineering or equivalent evidence of aptitude
- Solid understanding of common web application technologies and languages
- Understanding of Threat modeling and attack vector analysis
- Experience in application security assessment tools such as Veracode, Fortify on demand or others
- Knowledge of the OWASP Testing Framework and OWASP Top 10
- Ability to understand security assessment report and identify false positive and security issues
- Methodical and organized; able to manage multiple opportunities, projects, and partners concurrently
- Able to multi-task and work independently with minimum supervision to meet firm deadlines
- Performs other special projects or duties as assigned
- Experience with Jenkins, VSTS, TFS, Azure and AWS
- Experience in DevOps, CI/CD, Secure LifeCycle Automation
- At least one of the following certifications: CSSLP, CISSP, CISA, CISM, SSCP, CEH
Friday, November 30, 2018