
Application Security Lead

Brooklyn, NY, US


JOB TYPE: Permanent, FullTime

Vaco is a private-equity backed solutions company that provides consulting, managed services, staffing, and placement services globally. Established in 2002 by "Big 4" consulting veterans, Vaco now has over 40 offices and has worked with over 9,000 clients. We have over 6,000 consultants and have been named to Inc. magazine's list of fastest-growing private companies for the past 12 years. Vaco offers boutique services with global reach.

The Vaco Cyber Security team's success relies on the trusted relationships built with our clients. We recognize the challenges organizations encounter in improving security, restructuring operations and handling risk while maintaining compliance and keeping costs down. Our information security specialists work closely with organizations to provide the solutions that best match business and security objectives. As a member of the team, you will have the opportunity to utilize and expand your skills through client experience and industry training while collaborating with security professionals across industries. Our team provides the full spectrum of security services to clients, including Strategy & Advisory, Identity & Access Management, Cyber Security Operations, Managed Services, and Governance, Risk, and Compliance.

Looking for an exciting career opportunity as an Application Security Engineer? Instead of being another faceless resume, let Vaco advocate for you. Right now, we are looking to fill a position on our Application Security Engineering Team. With Vaco, you will have an advantage over your competition: our information security practice maintains strong relationships with clients, connects your experience with the right consulting project, and promotes your strengths to the hiring manager while preparing you for that specific interview.
Our team will provide you with great insight about trends in the market, keeping you up to date on compensation expectations, opportunities to work on exciting, impactful projects, and opportunities for industry training and advancement. If you're experienced and you want to partner with the best, apply today.

Job Description

We're looking for an Application Security Lead with experience in leading change and driving results. The Lead will be responsible for implementing an application security solution that provides valuable information to the Cyber Security team, for conducting security assessments for organizations, and for designing security systems and processes.

Responsibilities:
- Identify, select, design and integrate tools, frameworks, and processes into our secure SDLC.
- Identify threats within system architectures, communicate risk via effective use of threat models, and consult on proper mitigations.
- Scale the current automation and remediation of discovered code security issues.
- Lead engineering for preventative solutions that solve application security issues at their root.
- Partner with our teams to set the course for secure development practices for years to come.
- Build and scale a strong team of security engineers, operations personnel and more.
- Develop an enterprise-level Information Security program to identify, report and remediate security vulnerabilities in applications deployed in DEV, PRE-PROD and PROD environments.
- Develop security programs to ensure the physical security of all IT assets across the organization.
- Review source code (Java/J2EE/Spring/FTL/JavaScript) and develop security filters within IBM AppScan for critical applications.
- Configure SafeNet ProtectDB to enable column-level encryption for securing confidential customer data.
- Conduct monthly developer workshops to educate and train developers on the secure SDLC; scan source code using IBM AppScan Source; triage and resolve the security vulnerabilities found.
- Design security architecture for web and mobile apps.
- Review Solution Overview Documents (SODs) to identify security anomalies in system architecture and design, and provide recommendations to address data security and privacy concerns.
- Develop a threat modeling framework (STRIDE for threat enumeration, DREAD for risk rating) for critical applications to identify potential threats during the design phase.
- Administer cryptography and certificate management, and implement dual keys to address the segregation-of-duties issue between DBAs and security admins.
- Participate in the development of IT risk assessments for enterprise applications; the NIST framework is used for IT risk assessments.
- Roll out IBM AppScan products (AppScan Enterprise (ASE), Standard, Source, and developer plug-ins) to development teams across the business lines.
- Implement file system security by applying hashing techniques to protect the integrity of data stored in files on the file servers.
- Work extensively with software development teams to review source code, triage the security vulnerabilities reported by IBM AppScan, ZAProxy, Burp Suite, HP WebInspect, HP Fortify and Checkmarx, and eliminate false positives.
- Generate executive summary reports showing security assessment results, recommendations (referencing CWE and CVE identifiers) and risk mitigation plans, and present them to the respective business sponsors and senior management.
- Work with DevOps teams to automate security scanning into the build process.
- Review Android and iOS mobile source code manually and recommend code fixes.
- Analyze security incidents originating from various network/application monitoring devices (e.g., Symantec Vontu DLP) and coordinate with Engineering teams on tracking and problem escalation, including remediation.
- Perform penetration testing of mobile (Android and iOS) applications, specifically APK reverse engineering, traffic analysis and manipulation, and dynamic runtime analysis.
- Develop secure SDLC policies and standards for web and mobile apps.
Qualifications

We're looking for consultants with the following experience and qualifications:
- Experience with designing, building and maintaining application security solutions: DAST, SAST, SCA.
- Familiarity with popular scripting and programming languages and frameworks: Python, Java, JavaScript, Ruby, .NET, C++, C#.
- Vulnerability remediation knowledge of the following: Windows Server 2019, 2016 and 2012 operating systems; Red Hat Linux operating systems; AWS cloud-based infrastructure; Windows Hyper-V and VMware virtualization environments supporting Windows and Linux virtual machines; Java and Apache; server hardware platforms and platform hardening (Dell R730XD, Dell R740XD, HP DL380); Windows Active Directory domains and GPO configurations.
- Solid understanding of network operations: switches, routers, firewalls, VLANs.
- Experience and expertise operating in cloud and container platforms.
- One or more of the following (or similar) certifications: GPEN, GWAPT, GWEB, OSCP, CASS, CISSP, eCPPT.
- Familiarity with tools such as Veracode, IBM AppScan, Black Duck, Burp Suite, Checkmarx.
- A strong understanding of varying application development architectures, platforms and methodologies.
- A passion for innovation and the challenges of creating something new.
- Ample technical and thought leadership skills.
- Demonstrated ability to develop strategies and lead large and complex endeavors.
- Ability to identify potential problems and quickly present options to overcome or bypass those issues.
- Self-starter personality that is continually looking for opportunities to simplify and optimize technologies and processes.
- Desire to work in a collaborative environment and to find value in, and methods for, up-skilling others.
- A solid understanding of the impact of your own work.
- Strong written and verbal communication skills.

Provided by Dice