***This is a possible 75% remote/25% travel role***
A prestigious Fortune 500 company is currently seeking a Web Application Security Engineer. The candidate is responsible for the identification, tracking, mitigation, remediation, and verification of web security vulnerabilities in software, systems, and application services. The candidate will combine experience in information security, web development, IT operations, and project management to ensure security risks are effectively identified and appropriately addressed while maintaining a balance between security and usability. This role will define, deliver and sustain the enterprise web security strategy, standards and solutions from a governance, process, discipline and technology standpoint, to support the global and enterprise environments.
• Accountability and ownership for web security scanning solutions, processes, services and operations.
• Develop and maintain tools and processes for web application scans, reviews and assessments along with ethical hacking.
• Develop security guidance documentation.
• Develop and maintain secure web coding practices and enterprise-wide standards. Educate and collaborate with customers on practices and standards.
• Performs requirements gathering, initial engineering design, platform/environment integration and evolution planning to support highly reliable, available, scalable, and cost-effective computing.
• Interfaces with Architecture team regarding the ratification and implementation of new Architecture standards.
• Interface with product vendors for escalated support and advanced product knowledge.
• Ensures IT security architecture/designs, plans, controls, processes, standards, policies and procedures are aligned with IT standards and overall IT security
• Partner with delivery support teams and customers to maintain web security SLA/KPIs and provide technical leadership.
• Manage and provide tier II support for web security related incidents.
• Maintain an understanding of attacks, vectors and emergent threats (OWASP)
• Mentor and educate teams with expert knowledge of information security event management, security forensics, network access controls and perimeter security, operations, implementations of new technologies
• Bachelor’s Degree
• 7+ Years of IT experience
• 3+ years’ experience with Infrastructure engineering security
• Experience with multiple programming languages (such as ASP.NET, Java, PowerShell, Ruby, Perl, etc.)
• 3+ years of web application security experience required (AppScan and Web Application Firewall)
• Service oriented mentality with focus on customer service
Additional Skills Required:
• Excellent written and verbal communication capability with a customer focus
• Success in collaborating with customers, partners, and co-workers across cultural boundaries (including flexibility in work schedule as needed)
• Able to identify, address or escalate potential dependencies and issues
• Manage the effort within deferred and expense budget constraints (if project lead)
• Effectively manage ambiguity, change and conflict
• Effectively prioritize in high pressure situations
• Strong project leadership and support skills
• Demonstrated track record of success in delivering in a security environment
• Proven experience in navigating complex organizations with creative problem solving
• At ease in establishing senior-level working relationships and communications
• Ability to deliver a clear yet compelling and realistic business case
• Ability to translate complex technical topics into easy-to-understand concepts
• Minimum of 5 years' experience in a security or network architecture/engineering role, including designing and deploying security solutions
• Strong analytical skills and cross-functional knowledge across multiple security disciplines
• Strong working experience with databases and data warehouse technologies and solutions
• Working experience with systems automation in a major scripting language (Perl, Python, etc.)
• Ability to communicate security-related concepts to a broad range of technical and non-technical staff
• Must possess a high degree of integrity, be trustworthy, and have the ability to work with autonomy
• Any of the following are a plus: CISSP, CISM