Senior Application Security Engineer

  • Full Time
  • Portland, OR
  • Salary: $185000.0

Smith Arnold Partners

World’s Largest Cloud based Advertising Technology companies whose biggest clients are Google and Facebook. The scale of this environment is larger than almost any company in the Manhattan area (over 9000 Linux Servers). This company is a web-scale organization, with physical data centers in 6 locations globally with planned expansion into AWS and Azure. This company has a great reputation and the compensation, benefits and culture here are unbelievable. This opportunity is high visibility, you would become very well known in the AD Tech Industry in this role. You would make a major impact and contribute to the success of this organization in multiple ways. You would have a tremendous influence on how security would be handled as well. This is a very unique opportunity to be a part of a small team of Cyber Security experts who have the opportunity to work on all aspects of security. There is an emphasis on Application Security for this role and you would advise the Software Development leadership team on Application Security Best Practices as well as implement new policies on how application security is handled within the build pipeline, but you would also work on other aspects of security within this global infrastructure environment with over 9000 Linux Servers, which process billions of Ad serving requests per day. This is a great opportunity to expand your security tool set while utilizing your application security expertise. This is an environment that looks for the brightest in the industry, the most creative troubleshooters and those who love to tinker and innovate with the latest technology!

Title: Senior Application Security Engineer
Location: Portland, Oregon
Salary: $160,000 – $185,000 + Bonus

Responsibilities:
This Sr Application Security Engineer will collaborate with the Director of Cybersecurity and the Cybersecurity Architect to establish and deliver on key strategies, programs, and technical solutions across the operational infrastructure
This Sr. Application Security Engineer will oversee the implementation of Secure Development Lifecycle (SDL) processes across development teams
You will be a key part of developing and implementing systems to perform early vulnerability detection and attack surface mitigation. Understanding vulnerability analysis, threat-modeling, and being able to perform targeted penetration testing against internal systems will be key to being successful in this position
This critical Security resource needs to have experience in integrating multiple security tools and products into existing build pipelines. The ability to quickly locate and understand the impact of a vulnerability is valued
In this role, you will work closely with numerous organizations across the company at various levels including Legal, Finance, Network Engineering & Operations, System Operations, and Engineering as well as outside parties including service providers, consultants and auditors. This operations-focused role is integral to the ongoing security and continuity of the infrastructure
You will drive implementation, deployment, adoption and refinement of technologies needed to support cyber security objectives including authentication, authorization, accounting (AAA), single sign on (SSO), multi factor authentication, role-based access controls (RBACs), firewalls, Intrusions Detection Systems/Intrusion Prevention Systems (IDS/IPS) and other technologies as needed.
Use vulnerability detection and management tools to find attack surface in products and services
Use SIEM tools to correlate events and data from an incident across multiple systems
Be up-to-date on current vulnerabilities being exploited
Develop a framework and establish system for controls and levels of access
Drive development and implementation of policy, processes, and procedures in support of Cybersecurity, GRC and DR/BC
Oversee Production Operations incident response planning and security breach investigations
Manage the entire process of security testing and auditing, including selecting vendors, testing, analyzing results and remediation planning
Identify risks and propose strategies to mitigate them before crisis develops

Requirements:
You like to take risks when looking for novel solutions to complex problems. If faced with roadblocks, you continue to reach higher to make greatness happen
Proven ability to identify, understand, and exploit OWASP top 10 vulnerabilities in code
Excellent troubleshooting skills
Certifications such as Security+, CISSP, CEH, OSCP, GPEN, or similar is a plus but not required
5+ years of hands-on experience in Unix/Linux system administration
2+ years of Software development experience with Java, C/C++, Python or Ruby and a deep understanding of how development teams operate and how to interact with them
Ability to understand the results of penetration test reports at a technical level and guide teams with the vulnerabilities to remediation
Knowledge of IDS/IPS and vulnerability management solutions
Versed in current security threats and vulnerabilities
Knowledge of authentication, authorization, and access control methods, as well as SANS and COBIT framework
Strong commitment to deliver high quality service to both internal and external customers
You care about solving big, systemic problems. You look beyond the surface to understand root causes so that you can build long-term solutions for the whole ecosystem

Application