Apply on Employer Site

ICE · 2 days ago

Engineer, Application Security

Jacksonville, FL

Full-time

Onsite

Entry, Mid, Senior Level

ICE is a company focused on maintaining secure applications through a dedicated team. The AppSec Engineer will influence secure design, perform code analysis, identify vulnerabilities, and assist developers in remediation efforts.

E-CommerceFashionJewelryMarketplace

No H1B

U.S. Citizen Only

Responsibilities

Application Identification and Review - Operates the Application Development Security Lifecycle from design review through automated and hands-on testing

Standards and Policies - Maintains and contributes to Application Development Security Policies and standards by keeping up with industry trends and publications from organizations such as NIST, OWASP, and SANS

Secure Design - Works with development teams to establish security requirements early in the SDLC and contributes security subject matter expertise during the development of new projects and releases

Tool Management - Focuses on automation while implementing, maintaining and integrating cutting-edge technologies to assess an application’s security with static code analyzers (SAST), dynamic testing (DAST) tools, software composition scanners, Web Application Firewall (WAF) and bug bounty programs

Developer Education - Keeps software engineers apprised of secure coding practices and builds strong rapport and respect with the ICE application development community via training sessions, one-on-one education, Intranet blogs and other opportunities

Qualification

Application SecuritySASTDASTJavaC++.NETCI/CD integrationSecure coding practicesProcess improvementCloud environmentsMentoring

Required

An ICE IS AppSec Engineer is part of a team responsible for ensuring that ICE produces and maintains secure applications

The team member influences secure design, performs code analysis, identifies vulnerabilities through hands-on penetration testing, assists developers in remediation efforts, and communicates findings to developers, QA teams and management

Operates the Application Development Security Lifecycle from design review through automated and hands-on testing

Maintains and contributes to Application Development Security Policies and standards by keeping up with industry trends and publications from organizations such as NIST, OWASP, and SANS

Works with development teams to establish security requirements early in the SDLC and contributes security subject matter expertise during the development of new projects and releases

Focuses on automation while implementing, maintaining and integrating cutting-edge technologies to assess an application's security with static code analyzers (SAST), dynamic testing (DAST) tools, software composition scanners, Web Application Firewall (WAF) and bug bounty programs

Keeps software engineers apprised of secure coding practices and builds strong rapport and respect with the ICE application development community via training sessions, one-on-one education, Intranet blogs and other opportunities

Software engineering experience in Java, C++, .NET and/or related languages

Expert at deploying, configuring, and using SAST, DAST, and Software Composition in large environments

Experience designing solutions to integrate transparently with the CI/CD pipeline

Familiar with application development in large cloud environments

University degree in Computer Science, Engineering, MIS, CIS, or related discipline