Back to all jobs
Posted on July 19, 2024

Application Security Engineer Job #10353

Denver, CO Permanent Salary: $140,000 - $150,000 Per Year
Apply Now

BridgeView is currently seeking an Application Security Engineer for one of our clients. If you love building and supporting technology solutions that make businesses successful, then read on for more details.

TITLE: Application Security Engineer
LOCATION: Denver, CO (hybrid)
BENEFITS & PERKS: Medical, Dental & Vision, 401(k)

OVERVIEW
The Application Security Engineer plays a crucial role within the cybersecurity team, overseeing the management and fortification of web-based applications both on-premises and in the cloud. In this capacity, this role is tasked with crafting resilient web application firewall (WAF), Bot Mitigation/Defense, and DDoS mitigation configurations, ensuring robust defense against threats and vulnerabilities while preserving seamless business operations and customer experiences.

HOW YOU WILL MAKE AN IMPACT

  • Serve as the primary authority and subject matter expert on Web Application Firewall (WAF), Bot Mitigation (BotM), and DDoS Mitigation platforms.
  • Assess and devise cybersecurity architectures and designs that strike a balance between implementing robust security controls and fulfilling the functional requirements of the business.
  • Define and cultivate security requirements through meticulous risk assessments, comprehensive threat modeling, rigorous testing, and insightful analysis of existing systems.
  • Lead web application security functions, spearheading strategic initiatives to proactively tackle external, internal, and emerging application security risks across the organization.
  • Set up new sites and applications for WAF/BotM safeguarding, conducting thorough traffic analysis to eliminate false positives and optimize protection efficacy.
  • Collaborate closely with engineering and architecture teams to assess the security readiness of both new and existing applications introduced into the environment.
  • Devise, test, and implement solutions and configurations with rule sets specifically crafted to safeguard against vulnerabilities and threats targeting both web-based and mobile applications.
  • Lead compliance hardening governance across cloud and application landscapes, conducting meticulous checks on device configurations to ensure version compliance, and identifying and promptly mitigating weaknesses.
  • Analyze reports stemming from vulnerability scans, penetration tests, web testing, to pinpoint areas of exposure and enhance application security posture in collaboration with application developers.
  • Develop, oversee, and ensure compliance with the Secure Software Development Lifecycle (sSDLC) processes, aligning with industry best practices.
  • Collaborate closely with cybersecurity and development teams to manage a comprehensive sSDLC process, integrating security testing functions (SAST, DAST, IAST, pen test) while balancing security and usability concerns.
  • Develop and implement application security strategy throughout the CI/CD lifecycle.
  • Document and maintain policies, standard operating procedures, and OWASP best practices for application and host integrity.
  • Create and implement WAF/BotM rules and signatures to mitigate threats and adhere to best practices.
  • Liaise with cybersecurity, threat intelligence, IT, software development, and third-party teams to address organizational cybersecurity architecture and system security engineering requirements throughout their lifecycles.

REQUIRED EXPERIENCE

  • Bachelor’s degree required in: Business, Finance, Computer Science, Engineering, IT, or related field.
  • 7 + years of enterprise security or application security experience.
  • 7+ years of deploying, configuring, and managing Web Application Firewall (WAF) platforms.
  • 5+ years of deploying, configuring, and managing Bot Mitigation (BotM) platforms.
  • 5+ years of deploying, configuring, and managing DDoS Mitigation platforms.
  • 2 + years of hands-on experience in a cloud-native environment, such as Azure, AWS, or GCP
  • Hold an active cybersecurity certification, such as a CSSLP, CISSP, CISA, CCP, CSSLP, GCSA MCP, MCSE, SANS, or Microsoft AZ (highly desired, or equivalent experience is acceptable).
  • Hold an active cybersecurity certification, such as: CSSLP, SANS, CISSP, CCNA, CISA, CCP, GCSA, MCP, MCSE, SANS, or Microsoft AZ (required, or willing to attain within 3 months of start date).
  • Familiarity with tools like Fastly, Akamai, Radware, F5, or HumanSecurity preferred.
  • Experience installing, configuring, and supporting Web Application Firewalls (WAFs) in complex enterprise environments.
  • Proficiency in Web Application Firewall (WAF) configuration, policy management, and related tools.
  • Proficiency in Bot Mitigation (BotM) configuration, policy management, and related tools.
  • Experience with DDoS Mitigation deployments (IPSec/GRE tunnels), configuration, policy management, and related tools.
  • Strong understanding of applications, databases, web services, authentication, and middleware servers.
  • Knowledgeable about mobile application and device security (iOS, Android, Mobile SDKs).
  • Familiarity with security concepts and tools such as SAST, DAST, IAST, Web Application Penetration Testing, and Open-Source Analysis.
  • Understanding of OWASP Top Ten, threats, vulnerabilities, and tactics used to compromise applications.
  • Experience in secure CI/CD pipeline design, architecture, automation, and secure code gating.
  • Experience securing cloud IAAS and PAAS environments (Azure, AWS, Google Cloud).
  • Ideally familiar with regulatory requirements and laws such as: Sarbanes-Oxley Act (SOX), PCI-DSS, TSA, SEC Amended Rule, HIPAA, GDPR, CCPA, and GLBA.
  • Knowledge of industry compliance standards and frameworks such as: HIPAA, NIST, ISO, ITIL, COSO, COBIT, SOC1/2, NIST 800-53, NIST CSF, ITIL, and/or Cybersecurity Maturity Model.
  • Proficiency in one or more scripting languages (e.g., Python, PowerShell, JavaScript, Bash).
  • Ability to work independently and collaboratively with others.

ABOUT BRIDGEVIEW
BridgeView is a talent and technology consulting company that helps business leaders build exceptional technology teams and deliver complex projects with confidence.
 
Since 2005, BridgeView’s tenured recruiting team has built a vast network of niche technologists and executive leadership candidates to help our clients solve their most complex talent challenges. Paired with strategic consulting services, BridgeView further delivers project collaboration in the areas of people, process, and technology.
 
This blended approach allows clients to adjust in real-time to align with their budgets while receiving Big 5 expertise to meet their objectives.
 
BridgeView. Within Sight.

We are an equal opportunity employer and value diversity. All employment decisions are made due to qualifications, merit, and business need. The successful candidate’s starting salary will be determined based on permissible, non-discriminatory factors such as skills, experience, and geographic location.

 

Attach a resume file. Accepted file types are DOC, DOCX, PDF, HTML, and TXT.

We are uploading your application. It may take a few moments to read your resume. Please wait!