Security/application Security Engineer

• Operate as a liaison between the Security Team and the Development Teams
• Preserve PCI and SOX Security Certification programs with a primary focus on ensuring compliance with the appropriate industry standards and security controls
• Supporting incident response and architecture review whenever applications security expertise is needed
• Integrating threat modeling practices into the SDLC
• Work with other staff to perform periodic scans and evaluation of system security including areas such as patch management, penetration testing, vulnerability assessments, and other types of InfoSec-related tasks
• Assist in identifying and communicating security exposures, information security incidents or non-compliance situations to IT management or the CISO as appropriate
• Duties may also include collecting and documenting cyber security and incident response event data as necessary.

• Minimum of five years of Information Security experience with at least two years of application-level security
• Strong communication skills: ability to convey and document security guidelines, requirements, and coding best practices
• Familiarity with Security Best Practices in common coding languages
• Application Penetration Testing / API Security Testing
• Software Development Life Cycle Design and Implementation
• Static and Dynamic Application Testing Tools and Methods
• Container and orchestration security (Kubernetes, Docker, Octopus, GitHub, etc.)
• Familiarity with Application Security Testing Frameworks such as OWASP
• Strong logical and analytical thinker
• exceptional skills in security systems solutions
• Ability to work both independently and as part of a local and/or remote technology team
• Attention to detail and demonstrated history of using careful approaches to tasks being performed
• Can anticipate risks and mitigate issues in the moment
• Strong verbal and written communication skills
• Basic networking skill set is required along with experience in securing wide area networks and a hybrid approach for on-premise/cloud/colocation technology environments across multiple locations
• Demonstrated expertise of networking knowledge including a thorough understanding of the OSI model
• Compliance – PCI-DSS, PCI-CP, SOX. PCI requirements and reporting, NIST regulatory and compliance environments, and demonstrated broad range of skills with security publications, privacy data identification/handing, security engineering concepts, C&A procedures and policy development
• Ideal candidate will have experience in securing off-premises network resources, including colocation sites, remote data centers, Amazon Web Services and/or Azure
• Need to have a strong background in Cloud Cyber Security
• Candidate should have basic knowledge and working experience with Linux, Windows, VMware, and other operating systems and applications typically found in an enterprise corporate environment having remote locations
• Kali Linux toolsets, and application-level toolsets such as Postman and Burp
• Threat Intelligence research
• Risk management methodologies
• Threat Hunting
• Simulated threat skillsets (Red / blue teaming)
• Malware analysis
• Bachelor’s in Information Technology or related field is preferred
• Preferences will be given for having generally-accepted Industry InfoSec certifications such as CISSP, CISM, CEH, etc.

Beacon Technologies offers career advancement opportunities, extensive training, and excellent benefits including paying for health and dental premiums for salaried employees.