Job Detail

The Application Security Engineer is involved in full
systems life cycle and responsible for ensuring secure design , testing ,
visibility , and reporting of applications either in place currently , or in
development. The Application Security Engineer works extensively with both
Architects and Developers to ensure solutions are not only secure by design ,
but also throughout execution and evolution. Application Security Engineers
seek to ensure solutions remain secure ongoing , whether via code scan
techniques , PEN testing , or other means as available.

Application Security Engineers are expected to not only
identify code vulnerabilities , but the root cause behind such matters. Ongoing
analysis of coding practices in each product team , trending issues , new
exploits , new threats , or evolving underlying platforms are all in scope and
need to be factored in to the holistic security posture of the application
environment.

Application Security Engineers need to be aware of emerging
industry trends along with standard sources of intel and guidance. Overall ,
this role serves as a key contributor to our Application Security space by identifying
means of quantifying and qualifying our overall application security posture.
As a security SME , this role can also be called upon to help investigate root
cause in the event of an application security event.

Prior exposure and experience in Agile , DevOps , DevSecOps ,
CI / CD Pipeline , automation and Digital Transformation are highly desirable as
they are essential to our growing and evolving development environment.

Excellent communications , both written and verbal are
essential to the success of the role. As one of our Application Security
subject matter experts , this role will advise , consult , design and contribute
to ongoing project development efforts , while serving as a train - the - trainer
contact for secure coding practices across the dev environment. Outgoing ,
personable , and positive attitudes are key in driving a true partner - based
security / development relationship.

Duties and
Responsibilities:

As an Application Security Engineer , you will be a pivotal
in driving secure code efforts including code reviews , project security
reviews , penetration testing support and application scanning processes. You
will be in the thick of it daily , driving bug remediation , meeting with project
teams to identify and secure changes in new functionality and stay on the
forefront of bug identification and patching. You will partner with your fellow
security engineers to keep Medline secure while helping us grow!

Develop and maintain web application security

scanning and mitigation / remediation practices.

Evaluate output of testing tool / technologies

(vulnerability , code review , penetration test) and tracking remediation

Develop and maintain security coding standards

and best practices for developers , analysts and architects.

Perform source code and application architecture

reviews in association with security best practices and standards.

Develop and maintain application security health

scorecards.

Research latest coding practices , technologies

and other solutions to improve application security

Work closely with development teams. Provide

training , consulting and mentoring.

Manage and administer technologies / tools / software

related to application security.

Required Skillsets:

Required coding languages: JavaScript , Java , .NET

Desired Experience / knowledge / expertise with the

following:

Static and dynamic code scanning tools and

methodologies , such as Fortify , WhiteHat , Burp , SonarQube , etc.

Project and software development lifecycles

(SDLC , DevOps , DevSecOps , Waterfall , Agile , etc.)

Web application communications network

architecture , authentication & authorization schemes and protocols ,

Web APIs , secure authentication mechanisms , secure password storage

& exchange , Multi - factor

authentications , SSO , Open SSL , Containers

Web application development frameworks , protocols ,

content management systems and techniques: SFTP , JBoss , Apache , IIS ,

.NET , WordPress , etc.

General Database knowledge (Oracle , MS

Sqlserver)

SQL

Database Architecture , Schema design

Database authentication , authorization methods / protocols

OWASP tools and methodologies.

Vulnerability scanning tools and methods ,

such as Nexpose , Nessus , etc.

Common application attack methods , and

associated preventions / defenses

HITRUST / HIPAA

Desired Academic
& Professional Qualification

Bachelor s degree , preferably

in Computer Science or Information Technology

Desired Security

Certifications: GWAPT , GPEN