Robert Half is the world’s first and largest specialized talent solutions firm that connects opportunities at great companies with highly skilled job seekers. We offer contract, temporary and permanent placement solutions for finance and accounting, technology, marketing and creative, legal, and administrative and customer support roles. Named to Fortune’s World’s Most Admired Companies and 100 Best Companies to Work For® lists and a Forbes Best Employer for Diversity, Robert Half is the parent company of Protiviti®, a global consulting firm that provides internal audit, risk, business and technology consulting solutions. Explore our talent solutions, research and insights at RobertHalf.com. JOB REQUISITION Application Security Engineer LOCATION SAN RAMON JOB DESCRIPTION Robert Half is seeking a Security Engineer III - Application Security as part of our top-tier team, to help our developers and engineers build secure-by-design solutions. Your job will be focused on building tools and components that meet the needs of the various technology organizations at Robert Half. You will lead the effort to ensure that applications have security built-in before they are released by consulting on their architecture and development early in the SDLC. You will help develop components that teams can integrate into their code to address common security needs such as session management, logging/alerting, and secure configuration. You will perform security assessments and code reviews. This role is highly collaborative and involves learning significant information about teams’ use cases, application architecture, and infrastructure. The role blends both application security and development, and you should be comfortable developing, building, and deploying code. As a Security Engineer - Application Security, your specific responsibilities will include: Develop core components to support common application security needs such as session management, logging/alerting, and secure configuration. Become an expert in the business logic of various teams’ applications and make recommendations specific to their use case and their needs. Leverage application security assessment tools to identify deficiencies and suggest more secure coding techniques. Analyze application code and clearly articulate recommend fixes to address deficiencies. Collaborate with development teams to carry out Application Security Reviews and conduct penetration testing where appropriate. Provide expert advice and consultancy to internal customers on risk assessment, threat modeling and fixing vulnerabilities. Be able to articulate, vulnerabilities, application defects, technical controls, risks, and other complex security matters with the Business in a manner that can easily be understood. Take the lead in providing consultancy to external projects of larger size. Lead team and vendors to develop a secure solution to support business needs and to provide security review and certification to ensure best practice and quality delivery of all technical solution that meet security Assess and update internal project engagement methodology and process to better align with the SDLC. Research Robert Half’s specific threat issues through threat modeling and counter intelligence profiles to determine and define appropriate technical protection standards. Develop architectural security standards and best practices documentation required to support the security program globally. Support team and vendors in developing a secure solution to support business needs and to provide security review and certification to ensure best practice and quality delivery of all technical solution that meet security requirements. Provide timely and relevant metrics on security matters to develop security risk analysis scenarios and response procedures. Provide subject matter expertise in hardware, software and application security principles Carry out acquisition and vendor technical risk assessment due diligence. Involved in the evaluation of products and/or procedures to enhance productivity and effectiveness. Play a critical role in the technical coordination and remediation of any needed incident response activities required during a Security Incident Response event. Working with your peers develop and maintain an effective security analytics platform using tools such as Athena or to provide better security intelligence. Qualifications: Bachelor's degree in related field or equivalent experience. 5 years’ IT security engineering experience or a non-technical degree with 7 years’ security engineering experience. A strong development background, including experience in multiple languages, familiarity with different system architecture models (e.g. microservice vs. monolith), and experience working with teams to gather requirements and develop software. Professional experience in security analysis, development, engineering, and support, including experience working with software development teams and making architectural decisions for software components. Security-focused certifications a plus (CISSP, CISA, CCSP, CEH, AWS, etc.). In depth experience with security frameworks, such as NIST 800-53. Experience as a primary technical lead in Incident Response, to include a deep understanding and working knowledge of forensics and root cause analysis. Experience with securing cloud-based technology deployments and service offerings, to include SaaS, IaaS, PaaS. Experience with evaluating application code and ensuring secure coding practices. Solid expertise with multiple programming languages, to include: Python, PowerShell, Java, JavaScript, Net, C#/C , and the like. Security related technologies and solutions (firewalls, IPS, WIDS, WAF, SIEM, DLP, RMS, vulnerability scanner, web proxy, endpoint security, etc.) Ability to communicate in-depth business processes to technical resources. Working knowledge and direct experience managing complex security issues. Ability to gather, combine and document requirements effectively to propose secure solutions. Ability to create thorough and complex documentation and facilitate, conduct meetings, gather information and present status. Ability to think independently and in team setting to ensure security issues are addressed in a manner consistent with security principles in mind. Possess a security mindset and help instill in other team members. Assess challenges within the concept of overall organizational risk. At Robert Half, there’s more to us than what we do. Learn about our values and what it’s like to work for the largest specialized staffing firm in the world at our San Ramon, California, Corporate Services office. Take a look at roberthalf.com/corporate-office-video. Robert Half International Inc. is an Equal Opportunity Employer. M/F/Disability/Veteran As part of Robert Half’s Corporate Services facility employment process, any offer of employment is contingent upon successful completion of a background check. Robert Half is committed to being an equal employment employer offering opportunities to all job seekers, including individuals with disabilities. If you believe you need a reasonable accommodation in order to search for a job opening or to apply for a position, please contact us by sending an email to HRSolutions@roberthalf.com or call 1.855.744.6947 for assistance. In your email please include the following: The specific accommodation requested to complete the employment application. The location(s) (city, state) to which you would like to apply. JOB LOCATION CA SAN RAMON CORP ADDITIONAL LOCATION