Application Security Engineer

The Application Security Engineer is responsible for leading department-wide focus on the strategy, development, implementation, and maintenance of the application security program across research, development, quality assurance, support, and IT systems. This is a hands-on position that requires a great deal of general security experience, as well as application development experience and secure coding knowledge.

Location(s):North Carolina Research Triangle preferred, or Remote (if we find someone in India that may work too)

Day-to-Day Responsibilities:

Responsibilities include but are not limited to:

• Manage threat detection & SIEM platforms.
• Advise in, and participate in, the design of secure products and architectures.
• Perform architecture security reviews, security focused code reviews, and security testing.
• Create or approve documentation that codifies the application security program: this will include the development of secure coding policies, procedures and standards, modification of the SDLC to include the necessary security checkpoints, product deployment, and code review methodologies.
• Evaluate potential security related issues and make recommendations on third party tools and components.
• Mentor more junior engineers by leading and influencing technical decisions, processes, and best practices with an expert ability to explain technical concepts in written and verbal forms.
• Work closely with engineering and product teams to design and implement security-related systems and functionality, including writing secure code as necessary, and verification of threat models, risk, and security posture.
• Monitor software usage and perform forensics to verify that the software and infrastructure is performing to the required security standards.
• Perform constant monitoring and awareness of key developments in the area of systems, web application, and client application security in order to provide direction of security trends and anticipate emerging standards and best practices.
• Attend all meetings necessary for the seamless delivery of the product as part of the Software Development Life Cycle for both On-prem and SaaS.
• Engage with customers as needed for deep dives into CData SDLC controls.
• Manage and conduct penetration testing and security code reviews.
• Lead hands-on trainings for engineering teams following OWASP top risks.
• Participate in public security projects and or volunteer time and knowledge to improve the broader security community, representing the company's mission and goals, as well as promoting cooperation and knowledge sharing.

Qualifications:

• 8 years of increasing responsibility and complexity in terms of any applicable professional experience.
• Bachelor's Degree or global equivalent in related discipline.
• Typically holds 2 or more industry certifications CISSP preferred.
• Actively engage using unique wide-range of professional skills with an expert understanding of industry practices and compliance – SOC2, ISO, NIST.
• Excellent planning / organizational skills and techniques.
• Excellent analysis and problem-solving skills.
• Excellent writing, presentation, and communication skills.
• Excellent negotiating skills.
• Excellent knowledge of secure application programming, coding life cycles and designs.
• Excellent understanding of security principles, best practices architectures, tools and processes
• Advanced knowledge of multiple current operating systems, network architecture and hosting environments Azure, AWS.
• Excellent knowledge of authentication protocols and encryption.
• Advanced knowledge of data storage formats, tools and languages.
• Advanced knowledge in supply chain / build release risks.
• Advanced knowledge in Application Penetration testing tools and processes.
• Advanced knowledge of technical stacks, React, .Net, Java, APIs, and SQL Server BD.

Travel Required:10%