Position Title: Lead- Application Security Engineer
Location: Remote
Contract Duration: Long Term Contract
Interview: Virtual

Key Responsibilities:

• Web Application Firewall Management:

  • Expertise in AWS WAF and Cloudflare.
  • Tweak and tune rules to ensure optimal in-line and out-of-band security controls.

• Leadership and Communication:

  • Lead and communicate effectively with stakeholders, even without prior experience.
  • Proficient in answering scenario-based questions and navigating updates, risks, and issues to leadership.

• Application Security:

  • Understand and apply OWASP Top 10 principles.
  • Implement and manage Application Security Testing (AST) frameworks (e.g., SAST, DAST, SCA, SBOM, Serverless).
  • Understand information security principles and application security fundamentals.

• AWS Cloud Services:

  • Manage and secure AWS services including WAF, ALB, CloudFront, CloudFormation, ECS, EC2, S3, SQS, RDS, SSL/ACP, CloudTrail, Kinesis, and more.
  • Use AWS SDKs (Java, Boto3 for Python) and CLI tools to automate and manage cloud infrastructure.

• Software Development:

  • Experience in programming with languages like Java and Python.

• CI/CD and Version Control:

  • Implement and manage CI/CD pipelines using Jenkins.
  • Use version control systems like BitBucket and Git.

• Monitoring and Reporting:

  • Develop and manage Splunk queries, dashboards, and lookup tables.

• Collaboration Tools:

  • Use Jira and Confluence for project and documentation management.

• Security Tools:

  • Utilize tools like Postman and Burp (or other HTTP proxy tools) for testing and debugging.

• Support:

  • Provide periodic after-hour support as needed.

Qualifications:

• Strong expertise in AWS WAF and Cloudflare.
• Excellent communication skills and the ability to lead effectively.
• Solid understanding of OWASP Top 10 and application security principles.
• Experience with application security testing frameworks and security controls.
• Proficient in using AWS services and related SDKs and CLI tools.
• Software development experience in Java and Python.
• Knowledge of CI/CD tools like Jenkins and version control systems like BitBucket and Git.
• Experience with Splunk for monitoring and reporting.
• Familiarity with Atlassian tools (Jira and Confluence).
• Proficient in using Postman and Burp for security testing.
• Ability to provide after-hour support periodically.

Preferred/Bonus Skills:

• Experience as a people leader.
• Understanding of information security principles and fundamentals.
• Familiarity with additional AWS services and security best practices.
• Additional programming or scripting experience.
• Experience with other security tools and frameworks.