Senior Application Security Engineer (Remote)

Job Opportunity open for LATIN AMERICA, 100% Remote.

Job Overview:

The Senior Security Engineer position will work as a part of the Security organization. They will

report to the Director of Information Security and Compliance but will work also closely with the

Director of Technology Operations to proactively identify and resolve security risk, issues and

security incidents. Assesses information risk and facilitates remediation of identified vulnerabilities with the network, systems and applications. Reports on findings and recommendations for corrective action. Performs vulnerability assessments as assigned utilizing

IT security tools and methodologies. Performs assessments of the IT security/risk posture within

the IT network, systems and software applications, in addition to assessments within the Vendor

Management Program.

Key Responsibilities:

• Assure alignment with CIS benchmarks controls are applied and configurations are maintained throughout the enterprise as part of the continuous monitoring
• Lead and assist in security risk assessments for systems and applications, address questions from internal and external audits and examinations.
• Develop policies, procedures and standards that meet existing and newly developed policies and regulatory requirements including SOX, PCI, COPPA, FERPA, GDPR, CCPA.
• Serve as project lead within IT security projects.
• Assesses information risk and facilitates remediation of identified vulnerabilities
• Performs vulnerability assessments as assigned utilizing IT security tools and methodologies.
• Performs assessments of the IT security/risk posture within the IT network, systems and software applications.
• Identifies opportunities to reduce risk and documents remediation options regarding acceptance or mitigation of risk scenarios
• Administers authentication and access controls, including provisioning, changes, and deprovisioning of user and system accounts, security/access roles, and access permissions to information assets.
• Analyzes trends, news and changes in threat and compliance environment with respect to organizational risk; advises organization management and develops and executes plans for compliance and mitigation of risk; performs risk and compliance self-assessments and engages and coordinates third-party risk and compliance assessments.
• Design security solutions to address security vulnerabilities and weaknesses
• Continuously update the monitoring environment and tools in order to provide the correct level of insight into the environment
• Analyzes and develops information security governance, including organizational policies, procedures, standards, baselines and guidelines with respect to information security and use and operation of information systems.
• Investigate security breaches and lead incident response, including steps to minimize the impact and then conducting a technical and forensic investigation into how the breach happened and the extent of the damage
• Will be responsible to define consistent Secure Software Development Lifecycle practices for technology projects throughout the planning and delivery cycles that assure that application security vulnerabilities are mitigate.
• Very deep understanding of OWASP, CWE 25, Data Protection, Access management software vulnerabilities and best practices design and threat modeling skills who can work in a dynamic environment.
• Technical point of contact for product teams as it relates to automation, CI/CD, and Product Application Security Operations.
• Build tools and automation scripts that enable developers to easily consume security services delivered by Security Engineering and Automation team.

Required Skills and Qualifications:

• Candidates with the following certifications are preferred: ISC2, SANS, ISACA, or other recognized security professional credentialing organization.
• 5+ years of experience in security roles with increasing responsibility
• 3+ years of experience in a Security Operations Center, or Continuous Monitoring role
• 2-3 Years of Experience in Web Application Security, SSDLC and Threat Modelling with MS/BS degree in Information System management / Computer Science / Information Security or a related technical discipline, at least 2 years of Software Development experience
• 5+ years or experience in an enterprise technology environment, ideally with experience across a variety of roles– operations, networking, systems and infrastructure architecture, or other as applicable
• Hands on experience with Software Development Java / C# / C++, JavaScript and HTML
• Experience with a variety of Continuous Monitoring, and vulnerability scanning tools
• Strong “Hands On” infrastructure security skills including IDS/IPS, firewall, SIEM, server and OS hardening, malware detection, physical security, transport and at-rest encryption on file systems, DB, and other data persistence mechanisms.
• Experience in managing application security testing tools like SAST, DAST and Open Source Vulnerability Scanning
• MUST have deep understanding of OWASP Top 10 and CWE 25; with proven track record and experience in implementing and integrating remediation strategies

Benefits:

• Competitive USD salary commensurate with experience.
• 100% Remote. Open for Latin America
• We are a US-based company, so no additional benefits are offered.
• Up to $30 USD per hour all inclusive