Application Security Engineer (Open to Remote) Job Summary: The Application Security Engineer would be responsible for evaluating existing software solutions for any potential security risks, establishing a plan to remediate any issues identified and implement code changes to ensure our systems are secure. They would be responsible for evaluating and understanding industry leading 3rd party security solutions to ensure IGS Energy’s standards across engineering maintain strong security defaults. Primary Responsibilities: As an Application Security Engineer on the team, you will help IGS Energy transition thinking, tooling, and design over time to adding security into early-stage development Provide other engineering team members with well-researched practical security advice to demonstrate reusability, abstracting configuration from code, collaborating with all teams to provide and help contribute to secure development guidance Help to integrate automated and repeatable controls into the SDLC pipeline Develop strategy for and participate in penetration testing and security review processes Conduct architectural security reviews with product engineering teams Conduct application security testing and source code reviews for a variety of technologies Conduct security research on the latest best practices, threats, trends, and vulnerabilities affecting the development frameworks used at IGS Energy Schedule, perform and manager a variety of offensive security activities in coordination with product development teams Document and disseminate security guidelines to address common security issues and to establish baselines Minimum Education and Experience: Should have 5 years of software engineering experience (.NET/Web preferred) Should have 5 years working on application security and defining best practices Experience with variety of SAST/DAST tools Experience identifying and protecting against security vulnerabilities, including those found in the OWASP Top 10 and CWE Top 25. Experience with web, cloud, and microservices architectures Experience conducting application security reviews and creating threat models for a complex set of technologies Experience triaging and validating security vulnerabilities At this time, IGS Energy is hiring people in the following states: Alabama, Arizona, Arkansas, Colorado, Connecticut, Delaware, Florida, Georgia, Illinois, Indiana, Iowa, Kentucky, Louisiana, Maine, Maryland, Massachusetts, Michigan, Minnesota, Mississippi, Missouri, Nebraska, Nevada, New Hampshire, New Jersey, North Carolina, Ohio, Oklahoma, Pennsylvania, South Carolina, South Dakota, Tennessee, Texas, Virginia, Washington (State), West Virginia, Wisconsin, and Wyoming. If your state is not listed, but you are imminently moving to a state where we are hiring, please apply. You will receive instructions once your application is submitted.