Job Title

Application Security Engineer

Job Description

About The Position | Major goals and objectives and location requirements

People Inc is looking for an Application Security Engineer with a track record of innovative thinking, technical expertise, and collaboration. This role will be tasked with supporting software development teams, vulnerability management and remediation, and improving security coverage throughout the SDLC. 

As a valued member of the Security team, you will be responsible for helping to set technical direction, delivering technical projects, and collaborating with other groups within the organization.

Hybrid 3x a week- (New York, NY) 

In-office Expectations: This position is hybrid in-office, with the ability to work remotely for up to 2 days per week.

About The Positions Contributions:

Weight % Accountabilities, Actions and Expected Measurable Results

 50% - Solutions

• Function as a subject matter expert for security solutions within the organization’s platform.
• Integrate security solutions into the SDLC process.
• Work with development teams to improve the security of CI/CD processes by ensuring version control for source code, scanning code for vulnerabilities in the build pipeline, and ensuring public/private repositories are trusted and secure.
• Design and develop coding standards across infrastructure, application, and data security, building out guidelines and standards to drive a standardized set of security requirements that align with internal policies and meet external compliance/regulatory requirements.
• Help evolve application security functions and services. 

 50% - Vulnerability Assessment

• Prioritize, triage and remediate vulnerabilities and findings from security scans and bug bounty programs.
• Review security test results from vulnerability scans and penetration tests and propose appropriate remediation measures or mitigation controls, conduct a remediation plan and supervise its progress.
• Improve and support application security tool deployments including static analysis, dynamic testing and software composition analysis tools.
• Conduct security code reviews for various languages and frameworks of web and mobile applications.
• Identify security exposures and develop mitigation plans.
• Investigate and report vulnerabilities in systems and platforms.
• Assess the application threat landscape through threat modeling and architecture reviews.
• Develop metrics and reporting on the posture of the application security program. 

The Role’s Minimum Qualifications and Job Requirements:

Education: Bachelor’s degree in Business, Management, Information Systems, OR equivalent professional experience.

Experience:

• Technical Skills: 2+ years experience in a security technical role or software development.
• Application Development and Security: Experience with application security tooling and processes, including code review, static code analysis, penetration testing, risk management, etc.
• Infrastructure: Experience with data encryption, cryptography and encryption key management. Experience with configuration management and DevOps practices to ensure security is built into the SDLC process.

Specific Knowledge, Skills, Certifications and Abilities:

Technical Skills

• Development experience in Java, JavaScript and Python.

• Scripting and automation experience using RESTful APIs.

Application Development and Security

• Knowledge of SANS/CWE Top 25, OWASP Top 10 Application Security principals.

• Strong knowledge and experience in implementing SDLC best practices.

• Knowledge with Git and version control best practices.

• Ability to innovate and find creative solutions that balance business needs with security needs.

• Familiarity with application layer assessment tools, such as local proxies and fuzzers.

• Familiarity with threat modeling and security design review methodologies.

Infrastructure

• Solid understanding of OSI model, TCP/IP, HTTP and TLS.

• Knowledge of C.I.A. (confidentiality, integrity, availability) security principles and D.I.E. (distributed, immutable and ephemeral) security model.

Interpersonal Skills

• Passion for application security and continuous learning.

• Able to concisely communicate security risks to both technical and business audiences.

• Attention to detail.

• Ability to work independently, and as part of a team.

• Ability to multitask and prioritize work effectively.

It is the policy of People Inc. to provide equal employment opportunity (EEO) to all persons regardless of age, color, national origin, citizenship status, physical or mental disability, race, religion, creed, gender, sex, sexual orientation, gender identity and/or expression, genetic information, marital status, status with regard to public assistance, veteran status, or any other characteristic protected by federal, state or local law. In addition, the Company will provide reasonable accommodations for qualified individuals with disabilities. Accommodation requests can be made by emailing hr@people.inc.

The Company participates in the federal E-Verify program to confirm the identity and employment authorization of all newly hired employees. For further information about the E-Verify program, please click here: https://www.e-verify.gov/employees

Pay Range

Salary: New York: $115,000 - $135,000 Remote US: $100,000 - $120,000

The pay range above represents the anticipated low and high end of the pay range for this position and may change in the future. Actual pay may vary and may be above or below the range based on various factors including but not limited to work location, experience, and performance. The range listed is just one component of People Inc's total compensation package for employees. Other compensation may include annual bonuses, and short- and long-term incentives. In addition, People Inc. provides to employees (and their eligible family members) a variety of benefits, including medical, dental, vision, prescription drug coverage, unlimited paid time off (PTO), adoption or surrogate assistance, donation matching, tuition reimbursement, basic life insurance, basic accidental death & dismemberment, supplemental life insurance, supplemental accident insurance, commuter benefits, short term and long term disability, health savings and flexible spending accounts, family care benefits, a generous 401K savings plan with a company match program, 10-12 paid holidays annually, and generous paid parental leave (birthing and non-birthing parents), all of which may vary depending on the specific nature of your employment with People Inc. and your work location. We also offer voluntary benefits such as pet insurance, accident, critical and hospital indemnity health insurance coverage, life and disability insurance.

#NMG#