IN EmploymentAlert | Senior Application Security Engineer

Job Title


Senior Application Security Engineer


Company : KMM Technologies, Inc.


Location : Tiruchirappalli, Tamil Nadu


Created : 2025-02-21


Job Type : Full Time


Job Description

Position: Senior Application Security Engineer
Location: Remote
Work Hours: M-F 9am-1pm US EST (7.30 pm to 11.30 pm IST)
Remaining hours can be worked during India daytime, but 40 hours/week have to be put in.
This is full-time employment with KMM Technologies, and holding two jobs is not allowed.

JD

Some of the tools used:
Microsoft Security Tool Suite
Exabeam
AWS GuardDuty

Applications:
OnBase Logs
MuleSoft - SaaS
Salesforce - SaaS
Workday - SaaS
PeopleSoft Hosted on AWS

Senior Application Security Engineer JD

The Senior Application Security Engineer will be responsible for identifying potential threats to the application and product infrastructure, recommending enhancements accordingly, and implementing those technologies. The Senior Application Security Engineer provides support to ensure applicable information protection policies, procedures, guidelines, and best practices are followed. Performs Security Risk Assessments (SRAs) and compliance reviews to ensure applications and services are operating in accordance with established policies and procedures. Educates stakeholders in the assessment process and leads both pre- and post-assessment meetings.

RESPONSIBILITIES

Serve as a security expert in enterprise applications efforts, integrations, and container services and databases, helping project teams comply with enterprise and IT security policies, industry regulations, and best practices.
Manage application vulnerability assessments on various types of products, services and platforms on a consistent cadence.
Evaluate and implement proper information security policies and configurations within respective application platforms to support information security posture hardening and compliance attestation.
Ability to lead application risk and vulnerability assessments and remediation activities.
Conduct API security vulnerability assessments and remediation response planning.
Ability to evaluate container services for security assessment and best practice implementation to reduce risks and strengthen information security posture.
Evaluate application and service resilience and disaster recovery planning to ensure operability.
Analyze output from application vulnerability assessments, recommend mitigation strategies and resolve any security incidents through work with pertinent business departments.
Review and provide input into network and endpoint designs to ensure compliance with security and enterprise architecture.
Review in-house and 3rd-party applications/code for security vulnerabilities and best practices.
Build/enhance security architecture and configure networks and endpoints to enhance the security posture of the enterprise.
Research, design, and advocate new technologies, architectures, and security products that will support security requirements for the enterprise and its customers, business partners, and vendors.
Participate in Software Development Lifecycle: code review, QA security testing, pipeline management, launches, etc.
Develop and/or implement automated security testing tools where possible.
Participate in the development of security-related tools and applications, such as multi-platform cookie-based authentication and internal security libraries/frameworks.
Train engineers on common security problems and best practices for writing secure code.
Perform hands-on testing of applications, as well as building and enforcing information risk management requirements and structure, including providing practical secure architecture skills and developing and implementing Information Security best practices.
Lead and execute projects on our security roadmap.
Adhere to existing risk management frameworks, such as COBIT, ITIL, and ISO 27002.
Participate in managing incident response for network security events.
Develop and maintain IT security policies.
Provide input and visibility into emerging security technologies, deployment strategies and other security protocols to ensure awareness within the IT security branch.

MINIMUM QUALIFICATIONS, KNOWLEDGE, SKILLS, AND ABILITIES:

Formal Education & Certification

Bachelor's degree in Information Technology, Computer Science or equivalent. Master's degree desirable.
Possess at least one professional security certification such as CISSP, CISM, CISA, CompTIA Security+, CEH or similar.
Possess at least one Salesforce Associate or Professional certificate.

Knowledge & Experience

5 years or more of professional experience in IT security including security policy development, security architecture models, and information security regulatory compliance.
5+ years of experience in vulnerability program management and penetration testing.
Must have knowledge of IT security technologies such as firewalls, intrusion detection systems, antivirus, patch management, etc., and the interest and experience to work on security policy and architecture.
Preferred experience with the following technologies: enterprise system administration across multiple operating systems, IPS management (i.e., Cisco ASA, Palo Alto, TrendMicro), vulnerability scanning applications, Splunk and Exabeam.
Preferred application security experience with the following platforms: Workday, Salesforce, PeopleSoft, MuleSoft and NewRelic.
Experience in engineering and enterprise system administration roles.
Experience developing a standard set of metrics that measure our security posture on a monthly/weekly basis.
Proven experience developing security policies, procedures, risk registers and incident response plans.
Intermediate to advanced knowledge of information security concepts.
Experience with one or more application development languages such as Python, Go, Ruby on Rails, Java, C/C++, .NET.
Solid knowledge of and experience with secure web architectures, tools and processes.
Knowledge of network architecture and design, network security, wireless security and client/server security.
Very strong computer networking skills and understanding of networking protocols.
Security of virtual machine environments is highly desirable.
Expert knowledge and hands-on experience of vulnerability assessment/network discovery and associated tools.
Understands infrastructure monitoring.
Expert in securing Linux and Windows systems.
Experience with various types of firewalls and technologies.
Demonstrated process improvement experience.
Previous application development experience is very helpful for secure code reviews.
Hands-on experience using multiple Amazon Web Services and Azure technologies to support an enterprise environment.
Prior experience as a team lead or role mentoring junior team members.
Experience with threat detection and incident management for web applications.

Skills & Abilities

Basic skills needed include:
Secure solutions development
Middleware security
N-tier apps dev infrastructure
Compliance – PCI, GLB, GLBA, CMMC, GDPR, etc.
Risk management and security risk assessments
Code review, reverse engineering
APIs and protocols
Authentication and authorization. SSO (Single Sign On), MFA (Multi-Factor Auth.).
Enterprise aware (change control, downstream impacts, understanding of cause and effect, change windows, etc.)
Recognized as a strategic thinker and is result oriented.
Demonstrated effective strong team player and self-motivator.
Ability to work and interface internally with IT and other functional support groups with minimal guidance.
Demonstrated successful experience in a customer-facing role.
Demonstrated communicator both written and verbal, with effective presentation delivery and meeting facilitation.
Demonstrated effective time management, organizational, and documentation skills.
Good analytical and troubleshooting skills with strong attention to detail.

PHYSICAL REQUIREMENTS:

This job operates in a professional office environment. The employee may be exposed to various components of an office environment such as fluorescent lighting, pollen, dust, recycled air, cooling fans, semi-enclosed areas, central heating, seasonal warmer temperatures and office noise. The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform essential functions.

Details required:
Name:
Date of Birth:
Email:
Current CTC:
Expected CTC:
Contact Phone:
Contact Address:
Work Location:
Joining date:
Any Photo Id copy:

Thanks & Regards,
Sekhar Pillala
Team Lead - Talent Acquisition
KMM Technologies, Inc.
CMMI Level 2 | ISO 9001 | ISO 20000 | ISO 27000 Certified
WOSB, SBA 8(A), MDOT MBE & NMSDC MBE
Contract Vehicles: 8(a) STARS III & Schedule 70
Tel: 240-800-1958 | Fax: (866) 856 3684
E-MAIL: sekhar.pillala@
Linked In: