Application Security Engineer

Job description

Job Summary
This position is within the Information Security Department, on the Application Security team. The application security engineer will be responsible for collaborating with application development teams and project managers to improve the security of NRECA applications across the organization. The engineer will require a thorough knowledge of Agile SDLC methodologies and DevSecOps practices. The position requires strong secure application development, testing and automation experience. The engineer will review the results of static code security tests, validate the results of the vulnerability findings, and provide guidance on remediation efforts.
The ideal candidate will have a strong application security and development background.
Responsibilities:

  • Serve as a subject matter expert for security in application projects.
  • Perform functional requirements reviews, design reviews, conduct threat modeling, and ensure security best practices are followed during the SDLC.
  • Triage and validate SAST, SCA, and DAST scan results prior to sharing with the development teams.
  • Conduct vulnerability reviews with development teams.
  • Develop and maintain integration between application security products, e.g. VMDB and CI/CD tools.
  • Develop reportable observations, findings and recommendations to relay to application developers and IT leadership and validate remediations are complete.
  • Participate in Internal Penetration Testing of web applications.
  • Strong communication skills, with the ability to explain security concepts to both management and developers in a large enterprise environment.

What you’ll Bring:

  • Five (5) years of application security experience.
  • Five (5) years of software development experience and/or full-stack engineering.
  • Proficiency with popular programming frameworks: Angular, Node, .NET
  • Strong familiarity with OWASP Top 10 vulnerabilities and how to engineer software to avoid them
  • Knowledge of and experience working in an Agile SDLC model
  • Experience working with SAST and SCA products, preferably Checkmarx and GitHub Advanced Security
  • Experience with infrastructure as code (IaC) deployment
  • Experience working with DAST tools such as Burp, ZAP, etc.
  • Experience with scripting languages (PowerShell, Python, Ruby, Perl, etc.)
  • An advanced understanding of varying application development architectures, platforms and methodologies.
  • Demonstrated ability to develop strategies and lead large and complex endeavors.
  • Ability to stay current with evolving technologies and effectively educate leadership on trends and opportunities
  • Strong proficiency in active listening and the ability to learn quickly
  • Ability to communicate technical security concepts to a diverse audience (written and verbal)
  • A passion for innovation and the challenges of creating something new.

We’d Love to See

  • Robust expertise and experience with deploying and securing IaC in AWS and Azure.
  • One or more of the following certifications: GPEN, GWAPT, OSCP, eCPPT, Amazon AWS or Azure Specialty certifications.
  • Experience with security tooling such as Checkmarx, Burp Pro/Enterprise, ZAP, GitHub Advanced Security, Artifactory Xray

Impact you’ll Make:
Application security is a team focused on leading a DevSecOps culture change throughout the enterprise. As a member of this team, you will collaborate with others to develop and maintain application security tooling, integrations and event-driven automation. This team will be challenged to provide technical and thought leadership to improve secure development practices through simplified/optimized application security services. To succeed in this role, you need to be courageous, eager to learn, a self-starter who is able to work on your own with minimal guidance, and able to communicate effectively and foster idea generation. The team is security heavy and is looking to bolster its development knowledge and experience.

Dexian is a leading provider of staffing, IT, and workforce solutions with over 12,000 employees and 70 locations worldwide. As one of the largest IT staffing companies and the 2nd largest minority-owned staffing company in the U.S., Dexian was formed in 2023 through the merger of DISYS and Signature Consultants. Combining the best elements of its core companies, Dexian’s platform connects talent, technology, and organizations to produce game-changing results that help everyone achieve their ambitions and goals.

Dexian’s brands include Dexian DISYS, Dexian Signature Consultants, Dexian Government Solutions, Dexian Talent Development and Dexian IT Solutions. Visit https://dexian.com/ to learn more.

Dexian is an Equal Opportunity Employer that recruits and hires qualified candidates without regard to race, religion, sex, sexual orientation, gender identity, age, national origin, ancestry, citizenship, disability, or veteran status.
