Application Security Engineer in Dallas, TX at Pyramid Consulting, Inc

Date Posted: 6/25/2020

Job Snapshot

Job Description

Immediate need for a talented Application Security Engineer with one of our direct client. This is a 12+ months contract opportunity with long-term potential and is located in DALLAS, TX. Please review the job description below.
 
Job ID: 20-21227

The Application Security Engineer will be a part of the Cybersecurity Team focused on general application security, DevSecOps principles, and code quality. The Cybersecurity Team works with application development teams to ensure technology security and vulnerabilities are addressed and remediated throughout the system development life cycle (SDLC).

Key Responsibilities and Requirements-
  • 5+ years in application penetration testing.
  • 5+ years in software development.
  • Ability to work in a highly collaborative and dynamic, cross-functional team.
  • Conduct application security assessments and penetration tests (web, mobile, web service, etc.).
  • These assessments involve manual testing and analysis as well as the use of automated application vulnerability scanning/testing tools and/or code review tools.
  • Perform threat models and risk assessments to characterize the risk and severity posture of large-scale commercial or in-house enterprise applications.
  • Experience programming and scripting and ability to develop or adapt custom tooling to solve new needs.
  • Experience performing baseline static/dynamic application security assessments (SAST/DAST) on new applications and changes to applications.
  • Write a security assessment and application threat profile reports.
  • Maintain partnerships with application development teams, participate in corrective action plans for identified issues.
  • Articulate risk and business impact to stakeholders.
  • Provide on-the-job training and mentoring to other members of the team.
  • Track and research the latest developments in vulnerability research.
  • Strong understanding of vulnerabilities, common attack vectors and how to resolve them.
  • Attacker mindset ability to think about creative threats and attack vectors.
  • Well-rounded background in host, network and application security.
  • Familiarity with cloud platforms (preferably AWS).
  • Experience with Agile Practices like Scrum, Kanban, CI, CD
Preferred but not required
  • DevSecOps knowledge of areas such as tools/capabilities, monitoring, scripting, and metrics preferred.
  • Experience delivering secure application development and application security testing training.
  • Familiarity with OAuth2.0 and OpenId Connect protocols.
  • Working knowledge of industry and commonly adopted secure standards, practices (e.g. applicable NIST standards, CIS, ISO, OWASP, SANS, BISMM, and CERT).
  • Certifications (Certified Ethical Hacker (CEH) GIAC Penetration Tester (GPEN) GIAC Certified Forensic Examiner (GCFE)), training on hands on exploit development are plus.
  • Administration experience with any of the following: Nessus, Rapid7, Burp Suite, Metasploit and other scanning and analysis solutions.
  • Airline or travel industry experience a bonus.
Our client is a leading Airline and we are currently interviewing to fill this and other similar contract positions. If you are interested in this position, please apply online for immediate consideration. 

#Dal3 #Dal1 J2W:CB3