Sr. Application Security Engineer for Leading Sportswear Brand
- Hillsboro, OR, USA
The Aroghia Group is a nationwide information technology firm that provides cutting-edge IT services, solutions, and staff placements for clients ranging from startups to Fortune 500 companies. We are committed to helping our clients achieve their goals through innovation, collaboration, and deep expertise.
The Sr. Application Security Engineer is part of the Attack Surface Management (ASM) organization and participates in the attack surface reduction of global computing assets. The Engineer is responsible for the maintenance, uptime and availability, and scan performance of the Static Code Analysis (SAST), Dynamic Web App Analysis (DAST), Component Lifecycle Management (CLM) and Mobile Application Assessment capabilities. The Engineer shall ensure proper configuration of the platforms, maintain operational processes, troubleshoot scan issues, escalate issues to the vendor, and collaborate with other ASM teammates to ensure proper scan configurations and integrations. The Engineer should have a strong understanding of application security issues, such as those identified in the OWASP Top 10 and common coding defects, and be able to coordinate with developers regarding findings, provide remediation guidance, and complete the day-to-day tasks associated with maintaining the platforms.
• Maintain the day to day operations, configuration and scaling of the SAST, DAST, CLM & Mobile Automated assessments
• Assist with the development and maintenance of automations as part of the enterprise DevSecOps model to ensure assessments are being performed regularly and data results are available for consumption by stakeholders
• Be a subject matter expert on common web application security findings such as the OWASP Top 10 and provide remediation recommendations
• Assist with false positive reports from developers for findings from the static or dynamic assessment platforms and develop false positive reduction strategies and guidance
• Support triage and validation of security vulnerabilities detected in production and/or reported via responsible disclosure processes
• Maintain and compose operational process documentation regarding program execution
• Interface with other CIS organizations such as Governance, Risk, Business Information Security and Threat Intelligence to report on program status and coordinate risk identification
• 5+ years of IT professional experience, with previous information security experience
• Direct experience maintaining enterprise-level static and web application assessment platforms such as Micro Focus Fortify & WebInspect, Veracode, WhiteHat, AppSpider, etc.
• Intermediate to advanced knowledge of secure code development practices and OWASP Top 10 web application security issues
• Previous experience deploying and maintaining configuration as code systems, services, containers and applications in AWS, Azure and/or GCP
• Experience with data analytics with the ability to provide qualitative analysis and recommendations
• Strong verbal and written communication skills
• Strong attention to detail, data accuracy, and data analysis
• Self-motivated and operates with a high sense of urgency and a high level of integrity
• Previous experience working in large scale environments with diverse technologies
Please note this opportunity is for W2 candidates only; no C2C.
For fastest consideration, please paste the JD into a word document, highlight all the relevant skills and technologies you possess, and attach it to your application.
Aroghia Group provides top market compensation, H-1B transfers, Green Card processing, and a great company culture. Please provide your resume, LinkedIn profile address, and phone number when applying. We have established a solid reputation in the marketplace by providing our employees with outstanding opportunities for personal and professional growth. Some additional benefits include (but are not limited to):
- We are a preferred IT vendor for top-notch companies in a wide range of industries across the U.S.
- We offer various compensation structures (hourly, salary) based on qualifications and market demand.
- We provide continuous training and development to ensure our team remains at the forefront of technological advancements.
Open Positions: http://aroghia.com/careers