Employment Opportunities



Application Security Engineer Columbus, OH 
     
Posted:  3/11/2019
Category:  Information Technology
Job Type:  -
 
Minimum Experience:  -
Required Education:  -
Benefits:  -
 
Job Description

The Paragon Group is a Columbus, Ohio-based Information Technology firm delivering high-quality, cost-effective resources to a progressive clientele. Founded in 1998, The Paragon Group has a full-time staff of highly skilled, motivated professionals. The Paragon Group provides staff augmentation, temp-to-perm placements, permanent placements, and consulting services both locally and nationally. We are a full-time employer and offer a full benefits package. We are currently looking for an Application Support Engineer for a long-term employment opportunity.

Job Description:
The application security engineer is responsible for validating that application services are designed and implemented with high security standards. The role analyzes the security of applications in tandem with their underlying services. Additionally, the application security engineer addresses legacy and emerging security issues and promotes repeatable secure development practices to reduce the introduction of program design flaws that may lead to exploitation. Application security engineers constantly scan applications and coordinate penetration testing to assess applications for weaknesses and find resolutions before they can be abused. As issues are uncovered, the application security engineer communicates with the appropriate technical and leadership teams to ensure a focus on risk mitigation – allowing for business continuity, but without negligent risk.
 
  • Perform vulnerability scanning and facilitate penetration testing
  • Review findings with Application Teams and document security findings
  • Focus on automation to aid in efficiencies with both testing and remediation of findings
  • Work in tandem with developers to provide repetitive validation testing prior to production
  • Regularly monitor the security community for public-facing security issues, as well as to learn new tactics that can be used in testing
  • Attend and participate in application projects and change management committees. This includes interacting with business units and technical teams to understand what is coming and how their projects can be more secure from the beginning
  • Fully define and follow a security review process to ensure an automated and repeatable process is managed. This can be through the use of dynamic and static code analysis resources
  • Use security standards and implementation configurations, as well as common security framework
  • Build data analytics and metrics to track remediation and effectiveness of the AppSec program
  • Document delivery and implementation advances that meet defined service-level agreements (SLAs) and business metrics
  • Align with architects and development teams for a mission of secure design
  • Train developers and junior application security engineers on weaknesses to avoid
  • Actively participate and lead security team meetings that facilitate secure design
  • Highly engage in information security projects that evaluate existing security infrastructure and propose changes as defined by security leadership and architects. Additionally, deliver projects on time, within budget and in accordance with SLAs
  • Focus on application security that observes compliance – Gramm-Leach-Bliley Act (GLBA), Payment Card Industry (PCI), Sarbanes-Oxley Act (SOX), etc. – and privacy laws
  • Work in tandem with architects, the security operations center (SOC), incident responders (when anomalous activity occurs), and technology infrastructure and development team members
  • Respond to and handle service and escalation tickets within SLA expectations
  • Establish enterprise secure code training modules and other methods to ensure uniform secure coding practices by development teams
  • Drive security efficiencies through automation, enabling security team members to work on more advanced tasks
  • Participate in leading and defining Application Security practices for the firm, promoting security awareness, mentoring other team members, and staying up-to-date on security trends related to threats and vulnerabilities
  • Perform other duties as assigned


Job Requirements

  • Bachelor of Science or higher in relevant field
  • At least 5+ years’ experience in cybersecurity, including compliance and risk management with a system and network security engineering background
  • Highly technical and analytical experience, with a proven background (preferred 5+ years in addition to cybersecurity) in application programming
  • Vulnerability and penetration-testing skills
  • Excellence in communicating business risk from cybersecurity issues
  • Proficiency in software development (Java, Python, C++, Ruby, etc.)
  • Solid understanding of network and web protocols
  • Experience with security of intra-company and third-party APIs
  • Experience with dynamic and static analysis tools such as IBM AppScan, Fortify On Demand, Contrast Security Assess, Veracode, Burp Suite, Metasploit, Nessus, etc.
  • Track record of acting with integrity, taking pride in work, seeking to excel, being curious and adaptable, and communicating effectively
  • Ability to work independently with minimal direction; self-starter/self-motivated
  • Working knowledge of Windows, Linux and Unix
Additional Qualifications:
  • Experience with applications hosted in Amazon Web Services (AWS) or Microsoft Azure
  • Experience with cryptography controls and measures to secure applications and data
  • DevOps background in public and private clouds
  • Experience with one or more of the following: ISO 27001, NIST, PCI Data Security Standard (PCI DSS), HIPAA, Health Information Technology for Economic and Clinical Health (HITECH) Act, SOX, the General Data Protection Regulation (GDPR), Center for Internet Security (CIS) standards or Service Organization Controls (SOC) 2
Certification Guidelines:
  • CISSP (desired), CSSLP, OSCP, or other relevant Security certification



