AdventHealth Application Security Engineer - Associate in Altamonte Springs, Florida
Application Security Engineer - Associate
AdventHealth Information Technology
Location Address: Altamonte Springs, FL
Top Reasons To Work At AdventHealth Corporate
· Great benefits
· Immediate Health Insurance Coverage
· Career growth and advancement potential
· Award-winning IT Department
Full-Time, Monday – Friday
You Will Be Responsible For:
· Perform technical assessments of applications based, using both dynamic and static scanning tools, produce reports, open tickets in work tracking systems (e.g. ServiceNow, Jira), and meet with development teams as required
· Implement, operate and maintain Application Security Tools, such as Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) tools
· Analyze source code of applications written in common programming languages (Java, .NET, PHP, NodeJS, Python, etc.) with a focus on secure coding practices and principles.
· Work with product owners to build Application Threat Models with the intent to identify, communicate, and understand threats and mitigations.
· Work in tandem with internal and external developers as part of a secure software development life cycle.
· Support the maintenance of technical documentation.
· Assist with developing and providing training in secure coding practices.
· Develop a familiarity with new tools and best practices and assist with the integration of these toolsets with the enterprise.
· Stay up to date on application security vulnerabilities and mitigation techniques to provide awareness to the developers and Application Security teams.
KNOWLEDGE AND SKILLS REQUIRED:
· Detailed technical knowledge of techniques, standards and state-of-the art capabilities surrounding authorization, applied cryptography, security vulnerabilities and remediation.
· Adequate knowledge of web related technologies (web applications, web services, and service-oriented architectures) and of network/web related protocols.
· Familiarity with Application Threat Modeling methodologies (e.g., STRIDE, FAIR, and Octave)
· Able to contribute in a team environment with other team members with varying skills, experience, and locations.
· Able to communicate technical decisions and recommendations effectively with technical and non-technical audiences through verbal and written communications that lead to actionable and measurable improvements.
· Excellent analytical and multitasking skills.
· Basic concepts of common security frameworks (e.g., ISO, NIST, HITRUST).
· Basic concepts of varying industry data standards (e.g., PCI, HIPAA).
· Have a strong understanding of OWASP Top 10 and similar frameworks.
· Experience with Agile (e.g., SCRUM, Kanban) software development models.
· Be self-motivated and capable of self-learning to maintain a working knowledge of the ever-changing software development landscape as well as security trends in the industry.
KNOWLEDGE AND SKILLS PREFERRED:
· Proficient with Micro Focus Fortify and WebInspect platforms (or similar enterprise static and dynamic analysis tooling)
· Ability to articulate and express both verbal and non-verbal correspondence.
· Ability to translate control framework (e.g. HITRUST, PCI) requirements into understandable and actionable tasks.
EDUCATION AND EXPERIENCE REQUIRED:
· Bachelor’s degree from an accredited university in either Computer Science or Information Security/Assurance, or related field.
· Three (3) or more years of global work experience in Computer Science, Information Security and/or Software Engineering, in a diverse workforce environment, promoting security awareness.
· A minimum of 2 or more years of professional experience in Information Security, preferably in the areas of application security, or security engineering.
EDUCATION AND EXPERIENCE PREFERRED:
· Five (5) or more years of global work experience in Computer Science, Information Security and/or Software Engineering, in a diverse workforce environment, promoting security awareness.
LICENSURE, CERTIFICATION OR REGISTRATION PREFERRED:
· Security certifications (e.g., CISSP, CISM, CSSLP, GIAC-GWEB, CEH, Security +), or similar certifications.
· Non-Security Certifications (e.g., Microsoft, Cisco, Palo Alto)
The Application Security Engineer Associate will work as a member of the Application Security Team located in Enterprise Information Security. In this role, the Application Security Engineer Associate will analyze source code of applications written in common programming languages (Java, .NET, PHP, NodeJS, Python, etc.) with a focus on secure coding practices and principles. Work directly with product owners to properly build and document Application Threat Models. Leverage commercial and Open Source toolsets to perform static and dynamic analysis on internally and externally developed applications, and effectively communicate findings to development teams. Perform on-going security testing and code review to improve software security. Work in tandem with internal and external developers as part of a secure software development life cycle. Establish and participate in secure coding review practices amongst developers.
We are an equal opportunity employer and do not tolerate discrimination based on race, color, creed, religion, national origin, sex, marital status, age or disability/handicap with respect to recruitment, selection, placement, promotion, wages, benefits and other terms and conditions of employment.