Sr. Application Security Engineer
4 weeks ago
Remote - would need them in MST or PST (might be able to entertain CST)
Working hours are 8-5 PST plus 2-3 night meetings with the Asia team from 6-8pm PST
- 5+ years' experience in Application Security
- Experience with at least 3 of the following: SAST, SCA, DAST, IAST, Fuzz Testing, ASPM, Threat Modeling or similar
- Must be able to read code; don't have to have experience writing code but must understand it
- Software Development background is a plus; ideal: C#, GoLang, .NET, .NodeJS
The primary responsibility of the Application Security Engineer – Cyber Security is to support technologies that enable the companies’ cyber security goals and objectives, securing the confidentiality, integrity and availability of software and computer information systems. The role will serve as a security engineer for software development, supporting technologies that facilitate security of the software products and services.
Additional key responsibilities of role include review of vulnerabilities identified by application security technologies and processes and provide the true positive results to the appropriate software development teams, and coordination with those teams to support their triage and remediation efforts for identified, valid vulnerabilities.
Essential Duties & Responsibilities:
- Act as a primary technical resource in development of a comprehensive security program to support various Software Development Lifecycles (SDLCs) and ensure that software developed in this SDLC is free of security vulnerabilities.
- Manage application security program across multiple SDLCs.
- Ensure cybersecurity requirements are met prior to production release.
- Triage potential vulnerabilities identified by application security program with context of application and related business knowledge.
- Maintain understanding of core functionality of supported software and first-party applications.
- Review and understand code from both business logic and technical standpoint.
- Coordinate with developers to prioritize and remediate identified true positive vulnerabilities.
- Collaborate with software development and quality assurance teams to ensure code is free from security defects.
- Communicate cybersecurity standards applicable to technology and coding workflows.
- Working with Application Security Engineers, optimize security with existing technologies and processes.
- Provide technical guidance to developers and engineers on cybersecurity best practices.
- Review performance of controls such as threat modeling, SCA, SAST, DAST, IAST, RASP, Secrets Scanning, Container Scanning, Misconfiguration Identification, Secure Code Review, CI/CD Pipeline Security, and Deployment Environment Security.
- Coordinate with software development leadership, operations leadership, IT leadership, and cybersecurity leadership to integrate application security practices across departments.
- Actively seek ways to improve secure software development processes.
- Develop and maintain security policies, standards, and guidelines.
- Conduct code analysis of first-party enterprise applications, through both manual and automation enabled processes.
- Provide remediation guidance and recommendations to developers and administrators based on identified vulnerabilities and existing technology stack.
- Work with software development teams to prioritize and validate the urgency of mitigation of identified product vulnerabilities and security feature enhancement requests.
- Stay updated with the latest cybersecurity threats and trends and incorporate this knowledge into security architecture designs and practices.
- Conduct training and awareness programs to enhance the security posture of the organization.
- Participate in security audits and assist in regulatory compliance efforts.
- Work closely with IT operations and software development teams to ensure secure systems deployment and operations.
- Actively contribute to the organization’s cybersecurity strategy and roadmap
- 21 years of age.
- Proof of authorization to work in the United States.
- Outstanding collaboration and communication skills.
- Any of the following combinations of education, professional experience, or both:
- At least 2 years of experience in a relevant DevSecOps role and technical degree in computer / information science; or
- At least 4 years of experience in a relevant DevSecOps role; or
- At least 6 years of related field work experience, at least 1 year of which in a software development role, and at least 1 of which in a cyber security role and technical degree in computer / information science; or
- At least 8 years of relevant field experience, at least 1 year of which in a software development role, and at least 1 year of which in a cyber security role.
- Demonstrated experience working with technical and non-technical staff.
- Knowledge of application security, software development, and cyber security concepts.
- Basic knowledge of a broad range of IT, Security, Controls and Service Delivery standards and frameworks for example, International Standards Organization (ISO) 27001, IT Infrastructure Library (ITIL), Control Objectives for IT (CoBIT), and Capability Maturity Model Integration (CMMI).
- Experience with Amazon Web Services (AWS), Google Cloud Platform (GCP), Microsoft Azure or other cloud platforms, with experience in developing and implementing software.
- Experience developing software in various coding languages such as Java, C#, PHP, etc.
- Demonstrated knowledge of web applications, cyber security, and open-source technologies.
- Safety is an essential function of this job.
- Consistent and regular attendance is an essential function of this job.
- Perform other related duties as assigned.
- Ability to execute multiple projects and tasks under tight deadlines.
- Provide off-hours support on an infrequent, but as needed basis. (Potential shifts may run 24/7 due to the needs of the business).
- Strong interpersonal skills with the ability to communicate effectively with guests and other Team Members of different backgrounds and levels of experience.
- Must be able to work varied shifts, including nights, weekends, and holidays.
- Professional certification in multiple programming languages (C#, .NET, Java, etc.) recommended.
- Professional certifications in cyber security (CISSP, OSCP, etc.) recommended.
- Experience with CI/CD and pipeline tools such as Jenkins, Docker, Kubernetes, and others.
- Knowledge of cloud platforms and services, with experience in cloud security.
- Experience with automated software and security testing tools and techniques.
- Ability to stay updated with the latest industry trends and advancements in cybersecurity.
- Understanding of enterprise software development practices.
- Experience working with software development teams.
- Experience identifying cybersecurity vulnerabilities and weaknesses in software.
- Experience reading, writing, and auditing software in multiple programming languages.
- Strong familiarity with common vulnerabilities and attack vectors.
- Knowledge of common encryption technologies (AES, PGP, SSH, SSL, etc.).
- Knowledge of common authentication protocols (OpenID Connect, OAUTH, SAML, RADIUS, LDAP, KERBEROS, etc.).
- Previous work experience as an Application/Product Security Engineer or Software Developer.
- Experience integrating security testing into an SDLC.
- Experience with incident response and handling methodologies.
- Experience with security technologies such as intrusion detection/prevention systems (IDS/IPS), firewalls, SIEM, etc.
Powered by JazzHR
mSLg7x9S5c
-
Sr. Security Engineer
4 days ago
Las Vegas, United States The Boring Company Full timeThe Boring Company was founded to solve the problem of soul-destroying traffic by creating an underground network of tunnels. Today, we are creating the technology to increase tunneling speed and decrease costs by a factor of 10 or more with the ultimate goal of making Hyperloop adoption viable and enabling rapid transit across densely populated regions. ...
-
Sr. Security Engineer
1 month ago
Las Vegas, United States The Boring Company Full timeThe Boring Company was founded to solve the problem of soul-destroying traffic by creating an underground network of tunnels. Today, we are creating the technology to increase tunneling speed and decrease costs by a factor of 10 or more with the ultimate goal of making Hyperloop adoption viable and enabling rapid transit across densely populated regions. The...
-
Application Security Engineer
1 month ago
Las Vegas, United States IS3 Solutions Full timePosition Overview The primary responsibility of the Application Security Engineer - Cyber Security is to support technologies that enable the companies' cyber security goals and objectives, securing the confidentiality, integrity, and availability of software and computer information systems. The role will serve as a security engineer for software...
-
Application Security Engineer
1 month ago
Las Vegas, United States Servsys Corporation Full timePosition OverviewThe primary responsibility of the Application Security Engineer – Cyber Security is to support technologies that enable the companies’ cyber security goals and objectives, securing the confidentiality, integrity and availability of software and computer information systems. The role will serve as a security engineer for software...
-
Application Security Engineer
1 month ago
Las Vegas, United States Servsys Corporation Full timePosition OverviewThe primary responsibility of the Application Security Engineer – Cyber Security is to support technologies that enable the companies’ cyber security goals and objectives, securing the confidentiality, integrity and availability of software and computer information systems. The role will serve as a security engineer for software...
-
Sr. Cyber Security Architect
5 days ago
Las Vegas, United States Criterion Systems Full timeSr. Cyber Security Architect***As required by our governmental client, this position requires being a US Citizen AND an active DOE Q or a Secret Clearance***The Sr. Cybersecurity Architect will provide expert level strategic planning to develop technical solutions, provide technical guidance and assistance, perform review and development of cybersecurity...
-
Sr Server Engineer
5 days ago
Las Vegas, United States Sands Full timeThe primary responsibility of the Sr Server Engineer is to code and manage Golang microservices. All duties are to be performed in accordance with Company and departmental policies, practices, and procedures. All Company Team Members are expected to conduct and carry themselves in a professional manner at all times. Team Members are required to observe the...
-
Sr Server Engineer
3 weeks ago
Las Vegas, United States Las Vegas Sands Corp. Full timeJob Description: Position Overview The primary responsibility of the Sr Server Engineer is to code and manage Golang microservices. All duties are to be performed in accordance with Company and departmental policies, practices, and procedures. All Company Team Members are expected to conduct and carry themselves in a professional manner at all times. Team...
-
Sr Analyst
1 week ago
Las Vegas, United States Las Vegas Sands Corp. Full timeJob Description: Position Overview The primary responsibility of the Sr Analyst - Cyber Security is to monitor and analyze central identity providers and cloud-based identity threats, vulnerabilities, permissions, policies, and roles as they pertain to user and machine-based identities. All duties are to be performed in accordance with departmental and Las...
-
Sr. Electrical Engineer
3 weeks ago
Las Vegas, United States Varex Imaging Corporation Full timeVarex Imaging, headquartered in Salt Lake City, USA, is a leading innovator, developer, and manufacturer of X-ray imaging component solutions, which includes X-ray tubes, digital flat panel detectors, software, and other key components of X-ray imaging systems. With a 70+ year history of successful innovation, you will find our components in numerous...
-
Sr. IT Network Engineer
4 weeks ago
Las Vegas, United States Golden Route Operations Full timeCity Las Vegas State NV Shift Day Type of Shift Full Time Department Information Technology Sr. IT Network Engineer Golden Entertainment Corporate (Las Vegas, NV) Description: Summary Provide advanced enterprise support for the network infrastructure. Coordinate and deliver system implementations, upgrades, and enhancements to existing...
-
Sr. IT Network Engineer
4 days ago
Las Vegas, United States Golden Route Operations Full timeCity Las Vegas State NV Shift Day Type of Shift Full Time Department Information Technology Sr. IT Network Engineer Golden Entertainment Corporate (Las Vegas, NV) Description: Summary Provide advanced enterprise support for the network infrastructure. Coordinate and deliver system implementations, upgrades, and enhancements to existing...
-
Sr. Design Electrical Engineer
2 weeks ago
Las Vegas, United States Varex Imaging Corporation Full timeSr. Electrical EngineerVarex Imaging's technology helps our customers see more clearly. When you join Varex Imaging Corporation, you’re becoming part of a 50-plus-year history of dedication to the imaging industry. Our imaging component solutions are designed for use in high-speed, high-quality, wireless, and digital imaging systems around the world. Tens...
-
Sr Safeguards
4 weeks ago
North Las Vegas, United States Nevada National Security Site Full timeOverview Mission Support and Test Services, LLC (MSTS) manages and operates the Nevada National Security Site (NNSS) for the . National Nuclear Security Administration (NNSA). Our MISSION is to help ensure the security of the United States and its allies by providing high-hazard experimentation and incident response capabilities through operations,...
-
System Field Engineer Sr.
1 month ago
Las Vegas, United States Lockheed Martin Full timeDescription:This exciting position is with our historic Skunk Works program. Skunk Works is an integral part of Lockheed's Aeronautics business area responsible for advanced systems development including conceptual design and rapid prototyping of clean sheet solutions and improvements and derivatives to existing systems. The ideal skunk is an agile,...
-
Sr. Manager
4 weeks ago
Las Vegas, United States Wynn Las Vegas Full timeJob DescriptionJob DescriptionJob DescriptionThe primary responsibility of the Sr. Manager – K9 Operations at Wynn Las Vegas is to manage all aspects of the K9 Operations for the overall safety and security of employees, guests, and property. The Sr. Manager – K9 Operations is also responsible for upholding the Forbes Five-Star standards and the Wynn...
-
Sr. Manager
4 weeks ago
Las Vegas, United States Wynn Las Vegas Full timeJob DescriptionJob DescriptionJob DescriptionThe primary responsibility of the Sr. Manager – K9 Operations at Wynn Las Vegas is to manage all aspects of the K9 Operations for the overall safety and security of employees, guests, and property. The Sr. Manager – K9 Operations is also responsible for upholding the Forbes Five-Star standards and the Wynn...
-
Sr Manager
1 month ago
Las Vegas, United States Las Vegas Sands Corp. Full timeJob Description: Position Overview The primary responsibility of the Sr Manager - Cyber Security is the day-to-day management and support of the cyber security program. This position oversees and mentors team members and requires a strong working knowledge of cyber security tools, concepts and technologies. The Sr Manager - Cyber Security must demonstrate...
-
Sr. Design Electrical Engineer
1 week ago
Las Vegas, United States Varex Imaging Corporation Full timeTo apply to a Varex Imaging position, please create an account and sign-in. CURRENT VAREX IMAGING EMPLOYEES: Please apply by logging into your internal Workday Account. Summary Varex is seeking a Sr. Design Electrical Engineer (High Voltage) for design of high-power pulsed and CW systems used in charged particle accelerators. The successful candidate will be...
-
Sr. Engineer II
1 month ago
Las Vegas, United States Metasys Technologies Full timeSr. Engineer II - Substation Development 11+Month Contract Las Vegas, NV (onsite) Client is currently seeking a highly experienced Senior Substation Engineer to join the team immediately. The ideal candidate will play a pivotal role in providing comprehensive engineering design services for substation facilities, ensuring timely construction within...
