This job has closed.

Geographic Solutions, Inc. · 2 months ago

Application Security Engineer III

Geographic Solutions, Inc. is seeking an Application Security Engineer III to assist the Chief Information Security Officer in leading and managing the organization's information security efforts. The role involves identifying and reporting security issues, managing risks, and ensuring compliance with industry standards and regulations.

Government, Information Technology, Software
H1B Sponsor Likely

Responsibilities

Proficiency in configuration, optimization, and utilization of information security tools such as CrowdStrike or similar EDR, Cisco FTD, Palo Alto, Qualys, HP Fortify, Nessus, Kismet, Airsnort, NMAP, Wireshark, WebInspect, SNORT, Security Onion, Nikto, Burp Suite, Kali Linux, and other web application penetration testing tools
Sound understanding of manual techniques to exploit vulnerabilities in the Open Web Application Security Project (OWASP) top 10 including but not limited to cross-site scripting, SQL injections, session hijacking, and buffer overflows to obtain controlled access to target systems
Attack and Penetration experience in testing of Internet infrastructure and Web-based applications utilizing manual and automated tools
Architect and design new tools to include SOPs and Diagrams for the SECOPS team and Security and Network operations team
Proficiency in static and dynamic scanning methodologies
Expert ability to perform network traffic forensic analysis, utilizing packet capturing software, to isolate malicious network behavior, inappropriate network use or identification of insecure network protocols
Ability to perform general inspection and implement preventative measures on intrusion detection systems
Assist in managing multiple competing priorities in a fast-paced SaaS environment
Assist in managing third-party security services, application vendors, evaluate new vendors and services
Knowledge of Industry Standards, e.g., ISO 17799/27001, FISMA/FedRAMP, NIST Publications, and other Industry Related Security Standards
Knowledge of Industry Regulations, e.g., Gramm-Leach-Bliley Act (GLBA), Payment Card Industry (PCI) or Corporate Compliance
Hands-on working experience with Microsoft SQL Server 2012/2016/2019
Strong working knowledge of agile and waterfall software development lifecycle methodologies
Experience reviewing or auditing IT general controls, network infrastructure, information security, SDLC, web server, database server, operating systems, and/or software applications to ensure compliance is maintained
Experience in the implementation and management of both offensive and defensive security technologies in conjunction with commercial and federal information security compliance initiatives
Active participation in Enterprise-level Risk Assessment and Business Impact Analysis
Active participation in disaster recovery and business continuity planning and execution
Consulting experience in Information Security
Hands-on working experience with Windows Server 2012/2016/2019
Experience in TCP/IP Networking
Knowledge of Industry Standards, e.g., ISO 17799/27001, NIST Publications, and other industry-related security standards
Work with internal and external resources on performing and reporting the annual penetration testing, to include complete white-hat testing; must provide a detailed report and recommendations for improvements and remediation where applicable
Work with internal and external stakeholders to assess security requirements, and approve/modify designs as needed
Ensure vulnerabilities are mitigated in a timely fashion in accordance with the applicable compliance requirements
Support incident responses for all security-related issues 24/7

Qualification

Application Security, Penetration Testing, Information Security Tools, Risk Management, Microsoft SQL Server, Network Forensics, Security Standards Knowledge, TCP/IP Networking, Consulting Experience, Disaster Recovery Planning, Agile Methodologies, Compliance Auditing, Soft Skills

Required

5 or more years of experience in one or more of the following Database Environments: Microsoft SQL Server, Oracle, Sybase, DB2, and MySQL
CISSP, CISM, OSCP, CEH and/or Security+/Network+ Certifications
5 or more years hands on experience in one or more of the following Operating Systems: Windows Server 2008/2012/2016/2019, Linux and UNI
5 years practical experience in TCP/IP Networking

Company

Geographic Solutions, Inc.

Established in 1992, Geographic Solutions, Inc.

H1B Sponsorship

Geographic Solutions, Inc. has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Additional information is presented below for your reference. (Data powered by US Department of Labor)
Trends of Total Sponsorships
2024 (2)
2023 (2)
2021 (1)
2020 (3)

Funding

Current Stage
Growth Stage
Company data provided by Crunchbase