Application Security Engineer (fully remote)
A key global client of mine who are serving more than 5,000 clients globally are currently seeking an Application Security Engineer to join their team on a permanent basis
- Ensure that our applications, software and infrastructure is designed and implemented to the highest security standards.
- Perform security assessments, design reviews, security audits, risk analysis, vulnerability testing and security code-reviews on a wide variety of environments.
- Work with key stakeholders across the company to define, design and implement effective security controls and remediate vulnerabilities to improve our security posture and reduce risk to acceptable levels
- Conduct assessments of threats and vulnerabilities and determine deviations from acceptable security baselines
- Manage security technology processes and solutions, sometimes through 3rd parties, including endpoint protection, vulnerability management, and SIEM
- Create security operations playbooks to ensure a consistent approach and response to current & emerging threats
- Conduct network monitoring and intrusion detection analysis using various Computer Network Defence (CND) tools, such as Intrusion Detection/Prevention Systems (IDS/IPS), Firewalls, Host Based Security System (HBSS), etc.
- Perform security assessments, gather evidence for security audits, review third party security documentation
- Develop technical solutions to help mitigate application security vulnerabilities
- Extensive experience in Information Security or a related field
- security development experience
- Expertise in TCP/IP. Understanding of common network vulnerabilities, OS vulnerabilities (Windows and macOS), patching and attack patterns
- Experience in public cloud environments
- An understanding of system hardening, containerization, and cloud security controls
- Familiarity with ISO27001, SOC, GDPR, & CCPA
- Excellent interpersonal skills & communication skills; you should be an ambitious teammate with strong analytical, problem solving, debugging and troubleshooting skills
- Experience with M365 Defender & M365 Cloud Application Security
- Experience with IDS/IPS solutions such as Fortinet
- Experience with public cloud services including AWS, GCP and Azure