Senior Application Security Engineer
Recruit Professional Services, New York, New York
- BS in Computer Science, Information Security or equivalent
- 5+ years of experience in application security architecture or security management with expertise in applying secure software development methods within the SDLC
- Experience conducting security code review, threat modeling, or application penetration assessments
- Extensive hands-on development experience (10+ years) is a must
- Highly motivated, competitive, entrepreneurial and attracted to challenging opportunities
- Demonstrate the ability to work in a fast-paced environment
- Possess excellent collaboration skills with internal teams
- Is a self-starter with integrity and accountability
- Experience in interfacing with multiple information technology application and infrastructure development and support areas within an enterprise.
- Hands-on experience with LDAP, SSO, SAML, Active Directory
- Experience with ForgeRock is highly preferred
- Familiarity with network architecture and topologies
- Familiarity with APIs, web services and SOA
- Experience with the OWASP Top 10 and how to protect against them
- Experience with cloud and on-premise security models
- Experience with release management and DevOps of custom software
- Working with the Enterprise Architect and the CSO, establish organization-level application security architecture standards.
- Ensure systems are deployed consistent with adopted software security standards. Architect, design, develop and implement software security framework and systems to support our enterprise systems for internal and external users.
- Lead and implement an Identity and Access Management Service based on ForgeRock. Should have a good understanding of LDAP and Active Directory.
- Partner with other architects, software engineers and QA engineers to ensure adequate security processes and tools are in place throughout to mitigate identified risks to an acceptable level, and to meet business objectives and regulatory requirements.
- Based on your own strong development background with prominent web development languages and frameworks, provide security advice to development and testing teams
- Provide expert-level guidance to security analysts, testers and development teams during application security assessments. Must be able to identify, re-create and remediate security defects
- Serve as a leader by promoting security awareness, mentoring other team members, and staying up-to-date on security trends related to threats, vulnerabilities and OWASP best practices