Date Posted: April 11, 2018
Senior Engineer - Application Security (AppSec)
An ICE IS AppSec Senior Engineer is part of a team responsible for ensuring that ICE produces and maintains secure applications. The team member influences secure design, performs code analysis, identifies vulnerabilities through hands-on penetration testing, assists developers in remediation efforts, and communicates findings to developers, QA teams and management.
- Teamwork: works well with teammates locally and at remote offices; shares knowledge and is seen as someone to go to for help; contributes in weekly peer meetings.
- Problem solving and decision making: demonstrates a sense of urgency; takes ownership of problems and follows temporary fixes with permanent solutions; finds creative solutions.
- Communication: is clear and accurate in verbal and written communication; listens to peers and supported employees; follows directions and provides useful feedback.
- Professionalism: makes a positive impression in person, via phone, and electronically; models a ‘can-do’ attitude; embraces additional responsibility; refrains from office gossip or conflict; works extra hours as needed to ensure work is complete; adheres to corporate policy and encourages others to do the same.
Core Duties – IS AppSec (Application Security)
- Application Identification and Review – Operates the Application Development Security Lifecycle from design review through automated and hands-on testing.
- Standards and Policies – Maintains and contributes to Application Development Security Policies and standards by keeping up with industry trends and publications from organizations such as NIST, OWASP, and SANS.
- Secure Design – Works with development teams to establish security requirements early in the SDLC and contributes security subject matter expertise during the development of new projects and releases.
- Tool Management – Focuses on automation while implementing, maintaining and integrating cutting-edge technologies to assess an application’s security with static code analyzers (SAST), dynamic testing (DAST) tools, open source security scanners and bug bounty programs.
- Developer Education – Keeps software engineers apprised of secure coding practices and builds strong rapport and respect with the ICE application development community via training sessions, one-on-one education, Intranet blogs and other opportunities.
Desirable Skills and Experience
- Software engineering experience in Java, C++, .NET and/or related languages
- Expert at deploying, configuring, and using SAST, DAST, and Open Source Security scanning tools in large environments
- Experience designing solutions to secure sensitive data and secrets by applying cryptography and proper access control and by utilizing hardware security modules (HSM)
- Familiar with blockchain, public/private key management, cryptocurrency, and/or experience securing enterprise implementations
- University degree in Computer Science, Engineering, MIS, CIS, or related discipline
Specific Technologies: Checkmarx, WebInspect, BurpSuite, JFrog Xray, Python, Django, Java, C++, HTML5, .NET, iOS & Android, MySQL, Oracle DB
Analyst, Engineer, and Sr. Engineer Distinction
Seniority is determined by experience and demonstration of exceptional competencies including:
- Documenting and effectively publishing technology guidance and repeatable processes
- Mentoring peers in groups and individually
- Improving processes and introducing superior technology
- Taking initiative to learn business goals, liaise with other departments, and identify ways to increase productivity in other ICE groups and offices
GA: Atlanta (New Northside Dr)
FULL TIME / PART TIME
ICE is an Equal Opportunity Employer. All qualified applicants will receive consideration without regard to race, color, religion, gender, sexual orientation, gender identity, national origin or ancestry, age, disability or veteran status, or other protected status.