Sr. Application Security Engineer

Location: Whitehouse station/ Jersey City or Fully remote
Duration: 6 Months CTH

Job description

We are looking for an Application Security Engineer with 8+ years of extensive experience and knowledge in developing secure solutions and reviewing security designs for cloud and hybrid applications. The individual will possess a strong understanding of the application technology stack, public cloud service offerings, development methodologies and their respective security controls. He will also possess a keen eye for detail and be able to identify security issues in application architecture and help provide secure solution options.

Essential Functions:

- Be the representative of the global Application Security Group in the Enterprise Cloud Migration teams and help build secure cloud solutions from the start.
- Conduct application design reviews as part of the Cloud Migration pods, identify threats and potential security issues, and help the teams design practical secure solutions to mitigate the threats.
- Stay current with attacks, industry trends and threat mitigation measures in the application and cloud security space.
- Communicate project-related security risks and countermeasures to relevant parties in a timely and accurate manner.
- Be creative and innovate secure solutions when faced with a new challenge.
- Create secure patterns and reference architectures.

Required Skills/Experience:

- In-depth knowledge of OWASP Top 10, SANS CWE Top 25, Cloud (Security) Controls Matrix, NIST Cyber Security Framework (Cloud and Applications), API security issues and countermeasures, and other application-level risks and attacks.
- Expertise in SAST, DAST, IAST, RASP, WAF and related technologies.
- Expertise in application security best practices for public cloud environments, DevSecOps principles, serverless architecture, microservices and popular open-source frameworks for cloud usage (Azure knowledge is a plus).
- In-depth knowledge of container technologies such as Docker and Kubernetes, container security issues and best practices, and cloud security tools (e.g. Prisma Cloud).
- Good understanding of CI/CD pipeline tools, processes and CI/CD security controls, including infrastructure as code.
- Experience in HTML, Java, JavaScript and .NET, and scripting languages like Python, C Shell, Perl etc.
- Overall good understanding of authentication and authorization protocols, cryptography, key management, logging, network security controls, secure configuration settings etc.