Application Security Engineer/Architect-NYC, NY(Hybrid) - A-1 Consulting Inc, Atlanta, GA : Job Details

Hi ,

Greetings !!!!

Please go through the below job description and let me know your interest.

Role: Application Security Engineer/Architect

Location: NYC, NY(Hybrid)

Only : GC / USC*

We are looking for a motivated, detail-oriented individual with strong technical skills. This role's primary focus is on working to secure in-house built and software as a service integrated applications plus working with management on security strategies and product owners/designers/developers/platform engineers/endpoint engineers to design, develop and implement secure systems, networks, and applications. They will also work with Sr. Security Analysts to investigate and respond to security event alerts, manage technical aspects of incident response, work on third party applications/services reviews and the organizations vulnerability management program. This role requires knowledge of Salesforce security and privacy architecture including Salesforce Shield. This role will assist with the creation of a true SDLC program with DevSecOps for our in-house built applications and work with developers to implement information security best practices ensuring that our code is proactively secured while in the pipeline prior to moving to production. The person in this role will need to prioritize and ensure the timely completion of tasks from the scrum masters and management. They should also be able to shift and adjust priorities based on changing business needs in our dynamic environment, while also remaining task-oriented to ensure completion of work from start to finish with appropriate solutions.

Responsibilities:

Configures, manages, and uses security systems, security monitoring and alerting applications, and security management tools.

Works closely with Sr. Security Analysts and Security Platform Engineers to investigate and resolve security related events.

Reviews business partners, new vendors, and products/services for security stature

Work independently with developers, system/network administrators, product owners, design teams and other colleagues to ensure secure design, development, and implementation of applications and networks - promoting a full SDLC program.

Perform security architecture design reviews of our applications (primarily Salesforce).

Perform code analysis of large applications manually and conduct manual vulnerability analysis.

Provide remediation guidance and recommendations to developers and administrators.

Work with development teams to help prioritize and validate urgency of mitigation of identified product vulnerabilities and security feature enhancement requests.

Ensure development teams receive pertinent annual secure coding training.

Researches, evaluates, tests, and assists on implementation of new security solutions around DevSecOps and the application pipeline.

Works alongside project management in a SCRUM environment to successfully monitor progress and implement security initiatives.

Qualifications:

Experience supporting security products like CrowdStrike, SecureWorks, Cisco Umbrella, BitLocker, Qualys, CloudLock, SonarQube, Nexus IQ, and Checkpoint.

Cloud security experience with Salesforce Shield and AWS.

Bachelor's degree in computer science or information security.

Experience investigating and resolving security events.

A keen eye for detail, an analytical thinker, and the ability to multitask.

The ability to thrive in fast-paced, high stress situations.

A problem solver with the ability to communicate effectively with peers, business partners, and management.

Experience working with development teams to build secure solutions.

Experience breaking down complex systems and applications to find flaws.

Able to read, write, and audit Java and the ability to pick up new languages/technologies.

Experience with secure coding practices and architecting secure applications written in Java.

The ability to communicate complicated technical issues and the risks they pose to developers, network engineers, system administrators, and management.

Self-starter, positive attitude, ability to work independently, enjoys learning and staying current with industry developments, regulations, and best practices.

Interest in providing security training to developers.