Oreva Technologies, Inc. · 1 day ago
Senior Application Security Engineer
Oreva Technologies, Inc. is seeking a Senior Application Security Engineer to join their information technology team. The role focuses on maturing software security practices by analyzing risks from vulnerabilities and implementing remediation strategies for applications and open-source libraries.
Consulting · IT Management · Management Consulting · Software
Responsibilities
Set up and operate software security testing techniques in conformity with the technical reference architecture and the company's security policies and guidelines
Conduct in-depth analysis of open-source threats and vulnerabilities (including zero-day), collaborate with engineering teams to evaluate and assess the impact of vulnerabilities on current code, including libraries, frameworks, and dependencies
Identify and prioritize high-risk open-source components within our codebase, considering factors such as exploitability, severity, and exposure
Develop and implement remediation and risk mitigation plans to address identified vulnerabilities
Coaching and hands-on experience for code refactoring, patching, and dependency updates
Identify and recommend engineering design changes to help reduce vulnerabilities
Champion and evangelize secure coding practices with the engineering community
Develop and lead security reviews and drive innovative security remediation efforts
Provide technical designs for innovative software solutions to address security risks
Coaching and assisting in administration and configuring of security tools, documenting secure configurations
Serve as an application security consultant and advisor for software engineering teams, assisting with secure coding best practices, threat detection, software security vulnerabilities, security reviews, and remediation recommendations throughout the delivery lifecycle
Build relationships and develop partnerships with engineering/development, security operations, enterprise and application architecture teams to mature secure coding practices for the company-owned applications and platforms
Stay informed about emerging threats and vulnerabilities in the open-source community, understanding impact of attacks, controls and mitigation measures in the application security space
Communicate project related security risks, control and remediation measures accurately and in a timely manner to stakeholders and impacted teams
Integrate with and adhere to the defined development and delivery process, Change Management, SLA Compliance, productivity and other enterprise goals
Serve as a thought leader, change agent and influencer within the enterprise providing feedback to leadership, engineering, architecture and security operation team members
Draw flowcharts, architecture diagrams, incident response strategies, and security roadmaps
Evaluate and improve security posture maturity
Work closely with CISO and security team to align development with enterprise security goals
No penetration testing—focus is on code-level security and posture improvement
Implement and manage secure coding practices across development teams
Conduct code vulnerability analysis and remediation (Java/JavaScript focus)
Create roadmaps and dashboards for security posture improvement
Lead POCs for security tools and recommend best-fit solutions
Collaborate with CISO and security leadership on cloud and application security strategy
Qualification
Required
Good experience in application security as well as a development background
Hands-on expertise in analyzing risk from vulnerabilities and assessing their impact on custom applications and open-source libraries
Deep understanding of open-source vulnerability remediation
Practical experience in remediation for Java and JavaScript software
Understanding of risk mitigation techniques to ensure the security of software applications
Set up and operate software security testing techniques in conformity with the technical reference architecture and the company's security policies and guidelines
Conduct in-depth analysis of open-source threats and vulnerabilities (including zero-day)
Collaborate with engineering teams to evaluate and assess the impact of vulnerabilities on current code, including libraries, frameworks, and dependencies
Identify and prioritize high-risk open-source components within our codebase, considering factors such as exploitability, severity, and exposure
Develop and implement remediation and risk mitigation plans to address identified vulnerabilities
Coaching and hands-on experience for code refactoring, patching, and dependency updates
Identify and recommend engineering design changes to help reduce vulnerabilities
Champion and evangelize secure coding practices with the engineering community
Develop and lead security reviews and drive innovative security remediation efforts
Provide technical designs for innovative software solutions to address security risks
Coaching and assisting in administration and configuring of security tools, documenting secure configurations
Serve as an application security consultant and advisor for software engineering teams, assisting with secure coding best practices, threat detection, software security vulnerabilities, security reviews, and remediation recommendations throughout the delivery lifecycle
Build relationships and develop partnerships with engineering/development, security operations, enterprise and application architecture teams to mature secure coding practices for the company-owned applications and platforms
Stay informed about emerging threats and vulnerabilities in the open-source community, understanding impact of attacks, controls and mitigation measures in the application security space
Communicate project related security risks, control and remediation measures accurately and in a timely manner to stakeholders and impacted teams
Integrate with and adhere to the defined development and delivery process, Change Management, SLA Compliance, productivity and other enterprise goals
Serve as a thought leader, change agent and influencer within the enterprise providing feedback to leadership, engineering, architecture and security operation team members
Strong spoken and written communication skills
Analytical and problem-solving mindset
Developer background with experience in all types of application security testing, specifically Software Composition Analysis
Good understanding of web application security, static security testing, cloud security, container security: tools, scan, triage, risk evaluation and remediation
Thorough understanding and experience in identifying and mitigating application vulnerabilities publicized by OWASP, WASC, CWE, CVE, etc.
Strong knowledge of industry best practices, code review and analysis
Proficient with source code security review and remediation
Experience working with application development teams, architecture teams, security teams, and infrastructure teams
Has advised and guided teams with secure coding practices and design best practices for security risk recommendation and remediation
Thorough familiarity with different industry standard tools for code repository management, code quality, DevOps, containers, and AWS cloud services
Hands-on experience with tools such as Sonatype, Qualys, SonarQube, and AWS Inspector
Proficient with the following languages: JavaScript, Java, and Python
Working knowledge of GitHub, AWS ECS/EKS, AWS Lambda, Docker, Terraform
Interested in learning and applying new technologies and concepts while staying up to date with technology tools and trends in the industry
Possess a positive, can-do attitude and enjoys making a difference in the business through technical contributions
Ability to think creatively, stimulate new ideas and challenge existing thinking
Excellent communication skills and ability to articulate technology topics to both technical and non-technical audiences
Position requires a bachelor's degree in computer science or computer engineering with AWS certifications and security certifications and/or equivalent experience
Preferred
Mortgage Industry Experience would be a plus
Bonus: Experience with AI security
Company
Oreva Technologies, Inc.
Oreva Technologies is headquartered in Irving, TX. We provide staff augmentation services to IT and non-IT enterprises.
H1B Sponsorship
Oreva Technologies, Inc. has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Additional information is presented below for your reference. (Data Powered by US Department of Labor)
[Chart: Distribution of Different Job Fields Receiving Sponsorship]
Trends of Total Sponsorships
2022 (6)
2021 (6)
2020 (4)
Funding
Current Stage
Growth Stage
Company data provided by Crunchbase