Backend Java (Secure/Standards Environment) - MM
KellyMitchell matches the best IT and business talent with premier organizations nationwide. Our clients, ranging from Fortune 500 corporations to rapidly growing high-tech companies, are exceptionally served by our 1500+ IT and business consultants. Our industry is growing rapidly, and now is a great time to launch your career with the KellyMitchell team.
Title: Application Security Engineer
Job Description & Responsibilities
The Application Security Software Engineer will be charged with protecting users and data within the company. This position requires experience in secure application development, experience in secured environments as it relates to regulatory requirements (e.g. PCI, GDPR, ISO 27001, NIST 800-52), and industry best practices. The engineer will participate in the engineering aspect of various projects across the enterprise and support the information security program through the following responsibilities:
- This position is partially allocated to ongoing Software Engineering with the goals:
  - Maintain efficiency in application design and development,
  - Maintain currency with current company technologies and design patterns,
  - Support implementing security features.
- Maintain company secure coding guidelines and conduct training
- Maintain company static code analysis configuration and conduct training
- Coaching and training Engineering teams on security practices, including vulnerability scanning and secure design.
- Implementing remediations and management action plans.
- Reviewing application designs for secure design principles.
- Facilitate maintenance of repository of secure design practices and patterns.
- Provide application development expertise to the Information Security & Compliance team in support of audits and assessments, including customer, PCI, and internal audit reviews.
- Assist with security mitigation and remediation efforts as needed. Work collaboratively with IT operations personnel to accomplish a balance of business and security objectives.
- Provide guidance for selection of third-party security service providers/vendors.
- Perform Risk Assessment on identified vulnerabilities and threats to systems and applications.
- Participate in vendor product evaluation and recommendations.
- Gather information and collaborate with Engineering and IT staff to assess and solve security issues for applications, networks, and servers. Analyze business needs and research security solutions.
Specific training related to application development security will be identified for this role.
Skills, Experiences, Knowledge
- The qualified candidate will have a minimum of three years’ experience with implementations requiring secure practices and compliance with standards including, but not limited to, PCI implementation, GDPR adoption, HIPAA controls implementation, and SSAE16/18 SOC compliance.
- Bachelor’s degree from a four-year college or university, or equivalent experience required.