The KION/Dematic Supply Chain Solutions (SCS) Global Software R&D Organization is responsible for delivering innovative software products to support a wide range of intralogistics, material handling, and management solutions. These products play a key role in powering the logistics operations of enterprises in a wide range of industries worldwide, including eCommerce activities.

We are looking for a manager who is a dynamic and enthusiastic application security engineer to help drive our application security efforts. You will be a technical leader in application security who will assist junior engineers and drive projects to completion. This is an exciting opportunity to join our application security efforts related to the development of various projects in IoT, Intralogistics, Control, Cloud, and Edge systems that aim to transform the industry.

The application security engineer is an important member of the KION Supply Chain Solutions (SCS) Global Software R&D team. This is a hands-on application security role that applies expertise in application security and knowledge of security best practices to the development of existing and future products. The application security engineer not only demonstrates the skills and knowledge of a seasoned hands-on security professional but also participates in efforts to enhance the application security and development practices of product teams.

What we offer:
- Career Development
- Competitive Compensation and Benefits
- Pay Transparency
- Global Opportunities

Dematic provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws.
This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training.

The base pay range for this role is estimated to be $82,000 – $166,000 at the time of posting. Final compensation will be determined by various factors such as work location, education, experience, knowledge, and skills.

Tasks and Qualifications:

This is What You Will Do in This Role:
- Lead the development and implementation of application security strategies, policies, and best practices.
- Development Lifecycle (SSLDC) methodologies across organization.
- Collaborate with software development teams to integrate security requirements and best practices into the SDLC.
- Provide security guidance and mentorship to junior members of the security team.
- Perform security assessments and penetration tests to identify and remediate security weaknesses.
- Respond to security incidents and conduct forensic investigations as needed.
- Perform risk analysis (e.g., threat, vulnerability, and probability of occurrence) whenever an application or system undergoes a major change.
- Direct, with development teams, the remediation of security findings and vulnerability prioritization for issues encountered during testing and implementation of new systems or changes to existing systems.
- Capture security controls used during the requirements phase to integrate security within the process, to identify key security objectives, and to maximize software security while minimizing disruption to plans and schedules.

What We are Looking For:
- 8+ years of application security or related cybersecurity roles, 3+ years of penetration testing experience or 5+ years of application security experience.
- Hands-on experience with security tools such as Qualys, Nessus, SonarQube, Veracode, Burp Suite, Nexpose, Snort, or Metasploit.
- Experience with cloud platforms (e.g., AWS, Azure, GCP) and containerization technologies (e.g., Docker, Kubernetes).
- Hands-on experience with security tools and technologies, such as SAST, DAST, WAF, IDS/IPS, SIEM, and vulnerability scanners.
- Strong knowledge of security architecture, system, and network security.
- Strong experience and in-depth knowledge of security standards and best practices (OWASP, SANS 25, etc.) as they relate to cloud, web, and mobile applications.
- Experience in analyzing security of Java applications or cloud-based applications.
- Ability to read and write one or more common programming languages such as Java, JavaScript, C/C++, Python, including 2+ years of hands-on programming or scriptwriting.
- Hands-on experience with Linux and Windows platforms.
- Excellent analytical and problem-solving skills, with the ability to assess complex security issues and develop effective solutions.
- Strong communication and interpersonal skills, with the ability to effectively collaborate with cross-functional teams and stakeholders.

Preferred:
- CISSP
- BS in Computer Science, Information Security, or related fields
- MS in Computer Science, Information Security, or related fields