Software Engineer (Application Security) - Hybrid from Dedham, MA
Under the supervision of the Manager, Applications Development, the Application Security Engineer will ensure the security of the company's web applications. The ideal candidate will have experience with a variety of security tools and technologies and will be able to work with our development team to implement security best practices.
Responsibilities:
Develop and enforce security best practices for software development
Perform security audits, risk assessments, and code reviews
Integrate security measures into the SDLC (Software Development Life Cycle)
Collaborate with development teams to address security issues and ensure compliance with security standards
Develop and maintain secure coding guidelines for Java, Oracle, WebLogic, and J2EE technologies
Stay updated on the latest security threats and countermeasures
Scan applications internally, manage vulnerabilities, and remediate security issues
Work with onshore and offshore team members to conduct security updates to libraries and internal software
Hands-on development to implement new security features as part of any application development
Work closely with the infrastructure team to improve the security posture of all systems
Qualifications:
Bachelor's degree in Computer Science, Information Security, or a related field
5+ years of IT development experience
Proficient in Java, J2EE technologies, Oracle databases, and WebLogic
Minimum of 3 years of experience in application security or a related field
Strong understanding of web application security principles and how to apply them
Experience with security testing tools and methodologies
Excellent problem-solving skills and ability to think like both a developer and a security analyst
Familiarity with security frameworks such as OWASP
Familiarity with application security tools such as Veracode, SonarQube, Datadog, Quixxi, and Rapid7
Security certification strongly preferred, including but not limited to CISSP, CISM, CISA