Application Security Engineer - 100% remote (Working EST)
Optomi, in partnership with a company in the logistics space is looking to add an Application Security Engineer to their growing team! The Application Security Engineer will be responsible for designing and implementing system and information security measures through developing and deploying organizational security strategies, implementations, and incident response. The ideal candidate will demonstrate a blend of security research and strategy skills, as well as development and implementation skills that contribute to the overall success of security hygiene.
The right candidate will have strong background in OWASP Top 10, SDLC and experience working internal incident response. This client is looking for someone who has worked in a SOC environment previously and is familiar with Azure security architecture and leading and/or building information security programs in early stages.
What You Will Need:
- 3+ years of security engineering or experience in an information and system security function
- Bachelor’s degree in Computer Science, Software Engineering, Cybersecurity, or Information Technology preferred
- Experience identifying, deploying, and monitoring secure cloud platform network and SDLC technologies (e.g., Qualys, CrowdStrike, Rapid7, etc.), best practices, and information security frameworks (e.g., OWASP)
- Experience conducting offensive penetration testing, is a plus
- Strong technical understanding of computer systems, networks, and applications, particularly SaaS applications, as it relates to the security of data and network infrastructure
- Working knowledge of various SDLC Policy and cyber risk management frameworks (e.g., NIST, ISO/IEC, etc.)
- Proficiency working with engineering teams to assess security risk and implement risk mitigations
- Aptitude for succinctly communicating with product and engineering teams
- Ability to prioritize and work on concurrent projects, activities, and tasks under time constraints, and communicate risk and challenges while accepting change in shifting priorities based upon changing company needs
What You Will Do:
- Strategic Research & Design – continually research new SaaS application and cloud network infrastructure security tools, trends, and threats to create and communicate organizational security strategies
- Monitoring – monitor and assess security alerts for irregularities through identifying and deploying security enabling tools, rules, and actionable alerts
- Incident Response – develop incident response plans and lead incident response teams in the event of a security incident
- Documentation & Reporting – build and leverage reporting processes and feedback loops for leadership, including the timely communication of security threats and performance snapshots relative to applicable certifications, frameworks, or standards
- Training – develop and evangelize security best practices and trainings
- Assessments – complete both internal and external risk assessments, working with both internal and external teams to implement appropriate security solutions
