Experience Inc. Jobs

Job Information

General Dynamics Information Technology Application Security Engineer (Java) in Rensselaer, New York

Clearance Level Must Currently Possess:

No Active Clearance Required

Clearance Level Must Be Able to Obtain:

No Active Clearance Required

Suitability:

No Suitability Required

Job Family:

Software Development

Job Description:

The Application Security Engineer will be responsible for integrating security into the development of NYSoH’s applications. The Application Security Engineer will work closely with the software development team to threat model, vulnerability scan, and pen test the early software, system, and network architecture and identify required control points in the application stack. The Application Security Engineer will also work closely with developers to diagnose, document, and remediate application security vulnerabilities. The Application Security Engineer will also be responsible for evaluating, recommending, and implementing application security related software in an automated continuous integration/deployment environment.

This is a new position and the first application security hire. You will help to establish risk frameworks, identify application vulnerabilities, perform risk assessments, and work cross functionally to remediate, mitigate, or accept the risk(s) of vulnerabilities. Secondarily you will be responsible for implementation and maintenance of security tools with a focus on improving automated testing processes and reporting.

You would get an opportunity to work alongside some of the most senior engineers at GDIT to support the programs comprehensive efforts to identify and remediate software security defects and maintain a high level of software quality for our client.

Responsibilities

  • Provide leadership and expertise in application security.

  • Develop remediation plans to target cyber security vulnerabilities.

  • Offer cyber security thought leadership and secure coding standards.

  • Identify appropriate security check points in the systems development life cycle.

  • Perform risk-based, technical assessments of applications, using dynamic and static scanning tools; Produce reports, and meet with development team.

  • Work with appropriate stakeholders in app dev and management to develop a formal Application Security Verification Standard within our SDLC process.

  • Perform application security audits ensuring compliance with industry standards, procedures, etc.

  • Consult with application development and technical operations on security designs of applications, potential vulnerabilities, and remediation.

  • Create documentation and training materials to educate development team and other stakeholders on key security concepts.

  • Research new attack vectors and stay current with cybersecurity news and trends.

  • Develop and maintain a balanced application security program based on a well-defined application security framework.

  • Conduct application security assessments / penetration tests and implement tools for dynamic/automated code reviews.

  • Work with Development Designers and Application Architects on application design and implementation best-practice with role-based and appropriate access standards, as well as integration with Identity and Access Management environments.

  • Continuously evaluate the organization’s existing application security practices, define and measure security-related activities, and demonstrate concrete improvements to the application assurance program within the organization.

  • Consult with the Development leadership on application development training for developers

Qualifications

The ideal candidate would have a development background, as well as a strong background in Security principles as it relates to code.

  • Bachelor’s Degree in computer science or other relevant discipline.

  • Eight (8) years of Information Technology experience

  • Must have come up or be a current Java programmer with a strong secure coding background.

  • Three (3) – five (5) years’ experience in a software development field such as Software Developer, Architect, Software Quality Assurance, or Application Security Engineer.

  • 3+ years of experience working in Information Security with a focus on application security

  • Experience conducting application security assessments, penetration tests and implementing tools for dynamic/automated code reviews

  • Demonstrated experience with security tools. Experience with dynamic and static application scanning: (Veracode, Appscan, Fortify)

  • Experience developing remediation plans to target cyber security vulnerabilities

  • Experience performing application security audits ensuring compliance with industry standards

  • Ability to communicate effectively in writing and verbally with an attention to detail

  • Demonstrated collaboration and teaching abilities.

  • Strong analytical problem-solving skills.

  • CISSP, CEH, CISA, OSCP, OSCE, or OSWE Certifications are a major plus

Scheduled Weekly Hours:

40

T elecommuting Options:

Telecommuting Not Allowed

Work Location:

USA NY Rensselaer

Additional Work Locations:

For more than 50 years, General Dynamics Information Technology has served as a trusted provider of information technology, systems engineering, training, and professional services to customers across federal, state, and local governments, and in the commercial sector. Over 40,000 GDIT professionals deliver enterprise solutions, manage mission-critical IT programs, and provide mission support services worldwide. GDIT is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status, or any other protected class.

Join our 35,000 everyday heroes.

We connect people with the most impactful client missions, creating an unparalleled work experience that allows them to see their impact every day. We create opportunities for our people to lead and learn simultaneously. From securing our nation’s most sensitive systems, to enabling digital transformation and cloud adoption, our people are the ones who make change real.

DirectEmployers