Senior Application Security Engineer

This role is subject to law, regulation, executive order, or government contract with citizenship/residency restrictions: US citizens only.

Coveros is seeking Senior Application Security Engineers to join our team and help provide our clients with threat and vulnerability assessments using a variety of methods, including network, API, and web application penetration testing and social engineering, to analyze the risks, vulnerabilities, and exploits affecting mission-critical applications. Senior Application Security Engineers contribute to our Cybersecurity practice and lead the deployment of solutions that leverage best-of-breed agile, DevOps, and cybersecurity practices. They are responsible for using code analysis to identify defects in source code and for attempting to exploit vulnerabilities. They are expected to apply expertise in network operating systems, the OSI model, and network ports, protocols, and services to assess networks, operating systems, applications, and services for vulnerabilities and exploits. They must be able to analyze security configurations and implementations to determine whether they ensure resiliency and protect customer data. They will make recommendations for appropriate remediation and post-remediation risk evaluation. They are expected to have a foundational understanding of modern Software Development Lifecycle techniques, such as Agile, and familiarity with continuous integration and continuous deployment (CI/CD) pipelines. They are expected to lead and train a growing practice of cybersecurity professionals.

Responsibilities

  • Lead and contribute to a team of consultants coaching, training, and implementing DevSecOps practices and culture across varied clients
  • Lead Cybersecurity efforts and act as the technical Security SME for Agile/DevSecOps software development projects while providing guidance to developers on recommended controls and countermeasures
  • Perform hands-on application security penetration testing and help design and improve the security testing artifacts and process. Create security testing plans and test cases
  • Develop detailed penetration test and application security reports. Present test findings and interface with stakeholders
  • Coach and mentor junior team members in delivering high-quality work in support of the Cybersecurity practice
  • Participate in Thought Leadership activities by writing blogs, delivering internal knowledge sharing sessions, and, as needed, creating and delivering technical training

Required Qualifications

  • Bachelor's or Master's degree in Computer Science, Software Engineering, or an equivalent technical degree
  • Demonstrated problem-solving, analytical, and technical troubleshooting skills
  • Excellent interpersonal and soft skills
  • Excellent written and verbal communication skills
  • Ability to obtain a security clearance
  • 3+ years of software development and scripting experience
  • 4+ years of experience in Linux and UNIX administration
  • 4+ years of performing advanced-level penetration testing including Web Services penetration testing (RESTful and SOAP)
  • 4+ years performing automated and manual Web security reviews
  • 3+ years of experience with leading small technical teams in an operational setting, including assigning or overseeing tasks and providing technical support
  • Familiarity with security testing tools, such as OWASP ZAP, IBM AppScan, Fortify, Checkmarx, Contrast, Metasploit, Burp Suite, and Core Impact
  • Knowledge of databases including but not limited to Oracle, SQL Server, and MySQL
  • Experience leading threat modeling on applications and systems
  • Demonstrated professional experience with Agile methodologies and software development
  • Ability to support internal and external customers on multiple platforms
  • Proven ability to write clear and concise documentation
  • Experience with Threat Modeling and preventing common vulnerabilities and hacks
  • Ethical hacking certification(s)
  • Experience working with IT Security offices to analyze and remediate vulnerabilities

About Coveros

Coveros is an equal opportunity employer, dedicated to a policy of non-discrimination in employment on any basis including age, sex, color, race, creed, national origin, religion, marital status, sexual orientation, political belief, or disability.
