Sunday, January 10, 2021

Cloud Application Security Engineer - CISM/CISSP/CISA (8-14 yrs) (Cynosure Corporate Solutions)

Cloud Application Security Engineer

Main purpose of the job:

- Provide application security services including secure coding techniques and reviews, education & awareness, process and tools, security testing support and guidance for internal software development projects.

- To provide guidance on software security best practice and compliance and undertake application security testing.

- To ensure awareness of and enforce policies, procedures and practices relating to the confidentiality, integrity and availability of information.

Key Areas of Responsibilities and Tasks:

- Identify application security risks and requirements for new projects and system developments. Enforce security policies and procedures concerning production infrastructure.

- Lead security architecture reviews

- Integrate threat modeling practices into the Software Development Lifecycle

- Perform Security Architecture and Low Level Application Security Design review involving: Data Protection, Authentication and Authorizations, Web Application Security and Network Security

- Sign-off on application security prior to live implementation

- Work with the architecture and development teams to review code for security vulnerabilities and embed/improve security threat modelling and secure coding in the development lifecycle

- Ensure that necessary controls and processes exist to appropriately correlate and assess security events.

Criterion Essential Desirable :

Education/Qualifications:

- Bachelor's degree required; Master's Degree in related field

- Certification in information security such as CISM, CISSP, CISA or equivalent

Experience:

- In-depth knowledge of application security vulnerabilities, testing techniques, and the OWASP framework.

- In-depth understanding of secure web application development, Java, Java development frameworks, PHP, web services and SOAP, API

- Experience in application technology security testing (white box, black box and code review)

- Experience of web application and Agile development methodologies

- Understanding and familiarity with common code review methods and standards

- Understanding of Apache web server and Unix server operating systems

- Understanding of HTTP and web programming

- Knowledge of standard SDLC practices

- Knowledge of common security requirements within ASP.NET applications

Skills/Abilities/Knowledge:

- Highly developed organizational skills and attention to detail

- Ability to handle multiple projects and priorities simultaneously with a high degree of professionalism and client service orientation

- Excellent interpersonal and leadership skills

- Proven communication skills, both verbal and written

- Able to communicate effectively with internal personnel and clients on all levels

- Develop security testing plans and integrate into the software development lifecycle. Assist Development and QA Teams to set up static testing tools

- Perform/oversee security testing and manage remediation of identified vulnerabilities

- Conduct security incident and event investigation and analysis.

- Maintain awareness of cyber trends, threats, and vulnerabilities.

- Participate in systems design to ensure implementation of appropriate technical security policies and technology across all layers.

- Prepare and monitor operational security metrics and trends.

- UNIX or Linux exposure

- Experience of AWS and Azure
