16 Apr
Application Security Engineer
Vacancy expired!
Kelly Technology is helping its client, a molecular diagnostics company, find an experienced Application Security Engineer (Penetration Testing).

Application Security Engineer
Client Industry: Biomedical/Med. Devices
Direct Hire: Onsite in Sunnyvale, CA required; relocation and great benefits
Highly competitive comp package!

ESSENTIAL JOB RESPONSIBILITIES:
- You will develop, or identify and customize, tools and drive the adoption of best practices throughout the organization to ensure that cloud, mobile app, and Windows application software is secure.
- Manage penetration testing coverage across fast-growing customer-facing cloud-based environments, mobile apps, and other medical diagnostic devices.
- Perform independent manual penetration tests of cloud infrastructure, web applications, and APIs.
- Perform SAST (Static Application Security Testing) based code review to understand potential security weaknesses for exploitation purposes.
- Implement cybersecurity controls and security engineering.
- Proficient in client-server-based architecture; understands one or more technical disciplines, such as software development/engineering methodologies, system/network security engineering principles, secure design, secure architecture, and/or secure coding techniques.
- Address vulnerabilities and maintain product security posture
- Conduct assessments of security controls in order to measure the effectiveness of controls and identify any gaps
- Provide continuous monitoring security expertise to business units and key stakeholders
- Perform architecture reviews as part of product security process
- Provide security consulting services internally to the engineering organization by giving mentorship and functioning as an information security authority
- Minimum 5+ years of related experience
- Experience working with different security tools
- Expertise with web system security concepts, including authentication, authorization (RBAC), encryption/hashing, SAML, and LDAP.
- Advanced knowledge of web application vulnerabilities such as cross-site scripting (XSS), session hijacking, SQL injection, CSRF (Cross-Site Request Forgery), the OWASP Top 10, and other attack vectors.
- Hands-on experience with encryption, hashing, secure random number generation, key derivation, digital signatures, etc.
- Experience leading vulnerability/incident assessment: static assessment, dynamic assessment, vulnerability assessment
- Knowledgeable in risk management; hands-on experience with RMF
- Medical Devices or Pharma Industry experience in a regulatory environment strongly preferred.
- Certified Ethical Hacker
- Working knowledge in Cybersecurity with software/application or product development.
- Expertise with application server technologies such as Spring Framework, Spring Security, Web Services, REST, and Hibernate.
- In-depth knowledge of and experience with security technologies, single-sign-on and identity management technologies.