Lead Application Security Engineer

Job Description

The Lead Application Security Engineer will be responsible for managing the process, procedures and tooling of the application vulnerability management program. This is a hands-on role and requires an application security professional who has a solid background in application development and current coding experience, combined with an understanding of Information Security and Secure Coding / Secure Software Development principles.


• Assists with the development of the application vulnerability management program.
• Maintaining and iterating on documentation related to the application vulnerability management program, including the development of new, or updates to currently established, policies and standards that detail the requirements for managing application vulnerabilities.
• Assists with the tracking and management of application vulnerabilities once detected through tool-assisted, manual, or third-party-performed security testing.
• Assist with the construction of vulnerability metrics (KRI/KPI), and the reporting of those metrics to help the organization understand the state of risk associated with outstanding vulnerabilities.
• Management and planning of annual external application penetration testing activities.
• Assist with the execution and results management of the company’s quarterly perimeter penetration testing activities.
• Assist with the review and selection of tools to manage application vulnerabilities and integration within the SDLC for defect tracking assigned to developers.
• Assist with the retesting efforts associated with vulnerability remediation.
• Evaluating new security trends and technologies.
• Making recommendations to strengthen the information security environment.
• Participating as a subject matter expert in the incident response program.

Job Requirements

• Bachelor's degree in related discipline with 5 or more years of experience.
• Experience working within a secure SDLC environment.
• Experience with application assessments (SAST and DAST).
• Excellent communication skills as well as the ability to build effective relationships with business leaders and stakeholders.
• Strong collaboration, communication, problem solving, conceptual and analytical skills.
• Experience with KPI/KRI creation and metrics reporting.
• Able to work at a high level of autonomy in a dynamic environment.
• Experience with DevOps activities and integration preferred.

Position Information

Location: Greater Cincinnati Area
Employment Type: Direct Hire
Job Type: Full Time/On Site
Travel Required: Minimal
