Lead Application Security Engineer
This role is subject to law, regulation, executive order, or government contract with citizenship/residency restrictions: US citizens only.
Coveros is seeking a Lead Application Security Engineer to join our team and help provide our clients with threat and vulnerability assessments using a variety of methods, including network, API, and web application security penetration testing and social engineering, to provide an analysis of risks, vulnerabilities, and exploits of mission-critical applications. The Lead Application Security Engineer will lead our Cybersecurity practice and lead solutions that leverage best-of-breed Agile, DevOps, and cybersecurity practices. They are responsible for using code analysis to identify defects in source code and attempt to exploit vulnerabilities. They are expected to apply expertise in network operating systems, the OSI model, and network ports, protocols, and services to assess networks, operating systems, applications, and services for vulnerabilities and exploits. They must be able to analyze security configurations and implementation to determine whether they ensure resiliency and protect customer data. They will make recommendations for appropriate remediation and post-remediation risk evaluation. They are expected to lead and train a growing practice of cybersecurity professionals.
Responsibilities
- Lead a team of consultants to coach, train, and implement DevSecOps practices and culture across varied clients
- Lead Cybersecurity efforts and act as the technical Security SME for Agile/DevSecOps software development projects
- Perform hands-on application security penetration testing and help design and improve the security testing artifacts and process; create security testing plans and test cases
- Coach and mentor junior team members in delivering high-quality work in support of the Cybersecurity practice
- Participate in Thought Leadership activities by writing blogs, delivering internal knowledge sharing sessions, and, as needed, creating and delivering technical training
Required Qualifications
- Bachelor's/Master's degree in Computer Science, Software Engineering, or an equivalent technical degree
- Demonstrated problem-solving, analytical, and technical troubleshooting skills
- 4+ years of software development or scripting experience
- 6+ years of experience in Linux and UNIX administration
- 6+ years of performing advanced-level penetration testing
- 6+ years performing automated and manual Web security reviews
- 4+ years of experience with leading small technical teams in an operational setting, including assigning or overseeing tasks and providing technical support
- Familiarity with security testing tools, like OWASP ZAP, IBM AppScan, Fortify, Checkmarx, Contrast, Metasploit, Burp Suite, Core Impact
- Knowledge of databases including but not limited to Oracle and SQL
- Experience leading threat modeling on applications and systems
- Demonstrated professional experience with Agile methodologies and software development
- Ability to support internal and external customers on multiple platforms
- Proven ability to write clear and concise documentation
- Experience with Threat Modeling and preventing common vulnerabilities and hacks
- Excellent written and verbal communication skills
- Ethical hacking certification(s)
Coveros is an equal opportunity employer, dedicated to a policy of non-discrimination in employment on any basis including age, sex, color, race, creed, national origin, religion, marital status, sexual orientation, political belief, or disability.