Position: Senior Security Engineer
Location: Fully Remote
Duration: Long Term
Visa type: Green Card, Citizens
The Application Security Remediation Engineer role is responsible for enhancing the security posture of our software applications. This individual will collaborate closely with application development teams through direct engagement and office hours to identify, track, and drive remediation of software vulnerabilities found through secure code scanning practices. They will produce dashboards, reports, and automation to support visibility into the data used for remediation. The ideal candidate will have a strong understanding of the software development lifecycle, be well-versed in the latest security trends, and be committed to proactive risk mitigations.
Primary Job Duties & Responsibilities
- Develop and maintain remediation specific KPI and KRI
- Produce interactive dashboards using PowerBI to drive engagement and remediation
- Produce exportable reports to be used for engagement and tracking and reporting to leadership
- Work closely with application development teams and security delivery leads to drive application risk remediation in conformance with security policy SLAs
- Engage teams for the remediation of vulnerabilities sourced from Static Analysis, Open Source Scanning, Mobile Scanning, and API Scanning
- Support remediation efforts for identified vulnerabilities, ensuring they are addressed in a timely and effective manner
- Provide guidance and support to development teams on secure coding practices
- Routinely communicate and report risk information to application teams, leaders, and organizational points of contact
- Remain current with the latest security trends, vulnerabilities, and mitigation techniques
- Work with cross-functional teams to ensure security is considered throughout the software development lifecycle
- Triage and support service request tickets
- Update security procedures and processes to align with program requirements
- Participate in office hours to provide remediation guidance and support
Required Qualifications
- 3+ years of experience with cyber security and secure development practices
- 2+ year of experience creating interactive dashboards using PowerBI
- 1+ year experience using Python or similar interpreted languages to extract data via APIs to support reporting
- 1+ year of experience with modern Software Development Lifecycles and CI/CD practices
- Proficiency with common application security vulnerabilities (OWASP Top 10 and SANS 25)
- Proficiency tracking data across multiple workstreams
- Solid interpersonal skills to adapt personal communication styles to the style of others
- Customer-focused mindset with a strong desire to provide excellent customer experiences
- Requires minimal direction, works well independently and is a resource of wealth of information for others and provides technical guidance for other team members
- Comfort with collaborating and refining processes as part of a team.
Preferred Qualifications
- Familiarity with NIST 800-218 Secure Software Development Framework
- Familiarity with OWASP Application Security Verification Standard
Education
Bachelor's degree or equivalent experience