Security/Application Security Engineer

Job Overview Beacon Technologies is seeking a Security/Application Security Engineer for our client partner. The Security and Application Security Engineer position is responsible for a combined effort of general infrastructure Cybersecurity as well as performing application security testing, design, and working in partnership with development teams throughout the organization. The scope of responsibility also includes but is not limited to static and dynamic application security testing, penetration testing, maturing the software development life cycle, and API security testing. Successful candidates will be able to review application code and development environments for security concerns and best practices, making recommendations and assisting development teams in implementing recommendations from those assessments. This position works closely and in partnership with the various teams and business units throughout the organization. The scope of responsibility includes but is not limited to vulnerable management, threat analysis, threat hunting, security incident management, general security hygiene, Internet, firewalls/DMZ, IP network and communications rooms, monitoring, test systems/platforms, overall data security and encryption. The position also entails cloud-based technologies such as Amazon Web Services, and colocation solutions used in conjunction with on‑premises data centers. The position will also be responsible for performing periodic compliance tasks as required, and/or assisting to maintain desired industry certifications for the organization. Key Responsibilities Strong communication skills: ability to convey and document security guidelines, requirements, and coding best practices. Operate as a liaison between the Security Team and the Development Teams. Preserve PCI and SOX Security Certification programs with a primary focus on ensuring compliance with the appropriate industry standards and security controls. Supporting incident response and architecture review whenever applications security expertise is needed. Integrating threat modeling practices into the SDLC. Work with other staff to perform periodic scans and evaluation of system security including areas such as patch management, penetration testing, vulnerability assessments, and other types of InfoSec‑related tasks. Assist in identifying and communicating security exposures, information security incidents or non‑compliance situations to IT management or the CISO as appropriate. Duties may also include collecting and documenting cyber security and incident response event data as necessary. Skills Ideal candidate would have a dynamic security aptitude and a verifiable set of skills and experiences within the enterprise Information Security realm. Familiarity with Security Best Practices in common coding languages. Application Penetration Testing / API Security Testing. Software Development Life Cycle Design and Implementation. Static and Dynamic Application Testing Tools and Methods. Container and orchestration security (Kubernetes, Docker, Octopus, GitHub, etc.). Familiarity with Application Security Testing Frameworks such as OWASP. Strong logical and analytical thinker; exceptional skills in security systems solutions. Ability to work both independently and as part of a local and/or remote technology team. Attention to detail and demonstrated history of using careful approaches to tasks being performed. Can anticipate risks and mitigate issues in the moment. Strong verbal and written communication skills. Basic networking skill set is required along with experience in securing wide area networks and a hybrid approach for on‑premise/cloud/colocation technology environments across multiple locations. Demonstrated expertise of networking knowledge including a thorough understanding of the OSI model. Compliance – PCI‑DSS, PCI‑CP, SOX, PCI requirements and reporting, NIST regulatory and compliance environments, and demonstrated broad range of skills with security publications, privacy data identification/handling, security engineering concepts, C&A procedures and policy development. Experience Minimum of five years of Information Security experience with at least two years of application‑level security. Experience securing off‑premises network resources, including colocation sites, remote data centers, Amazon Web Services and/or Azure. Need to have a strong background in Cloud Cyber Security. Knowledge and working experience with Linux, Windows, VMware, and other operating systems and applications typically found in an enterprise corporate environment having remote locations. Kali Linux toolsets, and application‑level toolsets such as Postman and Burp. Threat Intelligence research. Risk management methodologies. Threat Hunting. Simulated threat skillsets (Red / blue teaming). Malware analysis. Education Requirements Bachelor’s in Information Technology or related field is preferred. Preferences will be given for having generally‑accepted Industry InfoSec certifications such as CISSP, CISM, CEH, etc. Physical Demands and Work Environment The physical demands and work environment characteristics described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Physical demands: While performing duties of job, employee is occasionally required to stand; walk; sit; use hands to finger, handle, or feel objects, reach with hands and arms; talk and hear. Employee must occasionally lift and/or move up to 25 pounds. Specific vision abilities required by the job include close vision, distance vision, color vision, peripheral vision, depth perception, and the ability to focus. Work environment: Usual office setting; close contact with employees for long periods of time. The noise level in the work environment is usually minimal. About Beacon Technologies Are you looking to advance your career in information technology? Beacon Technologies offers career advancement opportunities, extensive training, and excellent benefits including paying for health and dental premiums for salaried employees. In addition to providing interesting opportunities, Beacon Technologies provides that old fashioned, personal touch, so you feel like a part of the Beacon team. Equal Employment Opportunity Statement Beacon Technologies, Inc. is an equal employment opportunity employer with a functioning affirmative action plan. It is the policy of Beacon Technologies, Inc. to ensure equal employment opportunity without discrimination or harassment on the basis of race, color, religion, sex, sexual orientation, gender identity or expression, age, disability, marital status, citizenship, national origin, or any other characteristic protected by law. Beacon Technologies, Inc. prohibits any such discrimination or harassment. #J-18808-Ljbffr Beacon Technologies