Application Security Specialist Engineer

Paul May & Associates

  • Chicago, IL
  • Permanent
  • Full-time
  • 4 days ago
Position: Application Security Specialist Engineer

Address: Chicago, IL 60601

Salary or Hourly range: $130K, depending on experience (DOE)

Company relocation - At this time, client will NOT relocate for this role

Company sponsorship - At this time, client will NOT sponsor for this role

Travel: This role may require 0% travel

Duration of role: Direct hire Role - Fulltime

Key Points of the role:

Technical Qualifications

  • Four+ years of software development experience in either .Net or Java and a love for security
  • Strong skill sets with Secure Development Lifecycle (SDLC)
  • Proven "Azure Cloud security" background.
  • Solid background with development pipelines.
  • "Static Code Analysis" tools such as Fortify or Checkmarx or Appscan or Veracode experience.
  • Proven application vulnerability scanning, code reviews, and penetration testing experience
  • Experience advising development teams on vulnerability remediation
  • Knowledge of CI/CD pipeline, Azure, Octopus, Kubernetes, DevOps
  • OWASP Top 10 experience +++

Our Chicago Loop client is seeking a Security Specialist/Application Engineer.

"We'd like for candidates to have strong skill sets in SDLC, development pipelines and Azure Cloud security. We're not looking so much for red team/pen testing."

This person needs some experience with "Static Code Analysis" tools such as Fortify, Checkmarx, Appscan or Veracode.

What's truly exciting is this person will own the program from the beginning, so they can build it perfectly and put their own stamp on it. To be clear, this person will not be doing any development, and they don't want a developer who wants to play with security.

An ideal candidate is a developer from a .Net or Java environment who has transitioned to security and has a passion for the security side.

Technically, this person will collaborate on secure coding/development practices, reviewing code with threat modeling and security in mind.

This person will be directly involved in providing reports/metrics, vulnerability scans, vulnerability remediation efforts, code reviews and penetration testing.

Overall, this person will help develop the SDLC and define the standards that help developers code a more secure product.

The Security Specialist/Application Engineer will be instrumental in embedding information security into the code the development team writes, primarily for websites.

OWASP Top 10 experience is a plus because the client prefers both OWASP Top 10 versions (Web & API).

From a personality perspective, we're targeting a mature, self-motivated, highly organized communicator. This person needs to be collaborative because they will be building relationships with teams that own different applications. This person must have a "take ownership" attitude and be a leader who can identify and explain complex technical challenges.

If applying for this role, please take each key point and provide your number of years of experience and how you would rate yourself, 1 through 10 (10 being expert), for each key point. Send your resume and notes on the role to expedite our recruiting services.