Application Security Engineer

eMoney Advisor - Providence, RI3.3

Full-timeEstimated: $80,000 - $110,000 a year
EducationSkills
Job Summary

This candidate is responsible for securing eMoney Advisor’s information technology environment. Reporting into the SVP Security and IT Operations, the candidate will be accountable for managing the day-to-day security of eMoney’s suite of SaaS and internal applications. eMoney is looking for a “hands-on” Information Security Analyst to ensure the confidentiality, integrity and availability of our applications and client data.

Job Responsibilities

Assist in evaluating, planning, configuration, and implementation of new/existing security applications/tools
Systematically address application security issues and develop secure coding practices for multiple development teams
Integration of application authentication, encryption, authorization, and access control
Provide mitigation strategies for applications from infrastructure, architecture, and secure coding perspectives
Utilize application security scanning tools such as HPE Fortify to interpret reports and validate identified vulnerabilities and associated risks
Utilize source code scan tools such as Fortify, or Checkmarx to assist application development teams to apply the best practice for application security and catch potential vulnerabilities at early stage
Proactively work with team members to address security and compliance issues
Provide education and assistance to application developers for applying Security Software Development Life Cycle
Collaborate with development teams to prioritize and remediate vulnerabilities throughout the application lifecycle

Requirements

A Bachelor’s degree in Computer Science or related engineering field with training in software security
Strong software engineering background with extensive experience working in complex enterprise environments implementing software development lifecycles
Experience in HTML, CSS, and JavaScript

Skills

Extensive experience in addressing web application security issues, such as those outlined in OWASP Top 10
Strong knowledge of application security throughout the software lifecycle
Experience developing secure coding practices with C#, Asp.Net (MVC and WebForms), HTML/CSS, Sql Server
Strong knowledge and experience in securing an application’s integration with relational database management systems such as MS SQL
Experience using Tenable Security Center and validating identified vulnerabilities
Proven ability to ensure applications are secure throughout the software lifecycle
Ability to perform manual and automated testing to identify vulnerabilities such (BurpSuite Pro, Fiddler, Netsparker, etc.)
Knowledge of security in both Linux and Windows environments as it pertains to Web application hosting, middleware (IIS, Apache, Tomcat, PHP, ColdFusion, Ajax), and databases (Oracle, MySQL, MS SQL Servers)
Software Security Certifications, such as Certified Secure Software Lifecycle Professional (CSSLP) is a big plus
Excellent communication skills including presentation and documentation.
Strong capability in evaluating application security related products