Application Security Engineer
Please note, that all applicants applying for US job openings must be legally authorized to work in the United States.*** Our customer offers automobile, homeowners, and other personal lines of insurance to members across 23 states and the District of Columbia. For decades, theyve brought peace of mind to members by looking to protect their belongings, find solutions to problems, settle... claims, and get their lives back on track. With more than 100 years of history, our Customer is one of the most trusted brands in America. Our customer is looking for an Application Security Engineer on a contract basis to help support their ongoing business needs. This role is 100% remote. What Youll Do Review detected vulnerabilities, filter false-positive results, and assist developers as questions arise from findings Advocate for OWASP Application Security Verification Standard (ASVS) as an internal standard Support standards-compliance in secure system development, support, assessment, remediation, and configuration/change management Conduct security assessments on application code and applications for security flaws, identify potential areas of improvement, and provide actionable recommendations to developers Collaborate with cross-functional teams to ensure that security best practices are incorporated into the design and architecture of the applications Keep abreast of the latest security trends, vulnerabilities, and attack vectors and proactively identify potential risks to the applications Conduct continuous cloud security testing Must Haves Proficiency with application security testing technologies such as SAST, DAST, SCA, IaC, IAST, RASP, Container Image Scanning, etc. Knowledge of common security vulnerabilities and best practices for remediation Experience with security assessment tools such as static analysis tools, dynamic scanners, and open-source library scanners Awareness of application security across multiple verticals such as cloud/service provider, security provider, mobile, appliance Experience with source code management and AppSec testing tools Ability to understand CI/CD Automation Familiarity with secure coding standards and practices, such as OWASP Top 10, and OWASP Top 10 API Familiar with building repeatable and automated security test suites Experience in application security, secure coding, vulnerability assessment, and remediation Ability to understand web application architecture, including frameworks, APIs, and protocols Proficiency in programming languages commonly used in application development, such as Java, C#, Python, or JavaScript Knowledge of key security configurations for services such as EC2, S3, RDS, and EKS Strong customer service skills Proven experience with cloud security posture management and runtime protection Hands-on experience with cloud-native application protection in AWS, Azure, and/or GCP Experience performing threat modeling with application teams Education Bachelor's Degree in Computer Science, Information Security, or a related field Cloud certifications such as AWS Certified Security - Specialty certification a plus Hours & Location: M-F, 40 hours/week. This role will be 100% remote. Perks are available through our 3rd Party Employer of Record (Available upon completion of the waiting period for eligible engagements) Health Benefits: Medical, Dental, Vision, Life (including spouse & child), 401k, STD/LTD, AD&D, and Commuter Benefits program. Please note: In order to create a safe, productive work environment, our client is requiring all contractors who plan to be onsite to be fully vaccinated according to the CDC guidelines. Prior to coming into our offices, contractors will be required to provide proof that they are fully vaccinated. An Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, or protected veteran status and will not be discriminated against on the basis of disability Apply Job!