Cyber Security Application Engineer - Nielsen - FL, US

Cyber Security Application Engineer

The Cyber Security Application Engineer is responsible for formulating security test strategies, conducting threat modeling, designing security test plans and test cases, and executing security tests to validate that the application is secured according to defined security policy, standards, and best practices.

Job Responsibilities

    • Conducts penetration tests against internal and external applications
    • Executes automated and manual security tests according to test strategy and documents all the findings
    • Conducts threat modeling and assessment and defines pen test scope for sufficient coverage
    • Looks for ways to enhance and improve the security testing framework
    • Provides feedback to application teams and other internal customers on the production readiness of software as it relates to security
    • Reviews security requirements of applications and project documentation and asks follow-up questions as needed to gain a full understanding of requirements and applications
    • Integrates security testing into the CI/CD pipelines
    • Develops Ruby and/or Python code to support security testing automation and integration
    • Performs code reviews of application source code
    • Develops standards for secure software coding
    • Defines and develops security test strategies for small-medium projects; provides input for large projects/programs
    • Develops security test plans and test cases and ensures coverage of requirements and application functionality
    • Assists teams if they do not understand the security issues or how to fix them
    • Mentors junior security professionals or developers

Role Requirements

    • Bachelor’s degree or equivalent work experience
    • 4+ years of experience in a technology role
    • 2+ years in a cyber security role
    • 1+ years conducting penetration tests or ethical hacking
    • 2+ years developing code and/or using a scripting language; Ruby or Python preferred
    • High level of knowledge and abilities in the application security field
    • Expert-level understanding of OWASP Top 10s, SANS Top 25, and CVEs
    • Familiar with industry-recognized standards such as OWASP, PTES, OSSTMM
    • Strong understanding of SSDLC, DevOps, DevSecOps, and CI/CD pipeline
    • Experience using Burp Suite, Kali Linux, sqlmap, Nmap, Metasploit, and other similar tools
    • Able to establish test plans and design effective security test cases
    • Good verbal and written communication skills in English
    • Familiar with code repositories like Git/SVN
    • Proof of authorization to work in the United States
    • Current OSCP, CEH or GWAPT certification
    • Experience leading small work teams
    • Strong data validation skills
    • Web development experience
    • Familiarity with security industry standards (ISO 17799, NIST 800 series, OWASP, etc.)