Engineer, Application Security

An ICE Application Security Engineer is part of a team responsible for ensuring that ICE produces and maintains secure applications. This team member influences secure design, performs code analysis, identifies vulnerabilities through hands-on penetration testing, assists developers in remediation efforts, and communicates findings to developers, QA teams and management.

Responsibilities

• Application Identification and Review - Operates the Application Development Security Lifecycle from design review through automated and hands-on testing.
• Standards and Policies  -  Maintains and contributes to Application Development Security Policies and standards by keeping up with industry trends and publications from organizations such as NIST, OWASP, and SANS.
• Secure Design Works with development teams to establish security requirements early in the SDLC and contributes security subject matter expertise during the development of new projects and releases.
• Tool Management Focuses on automation while implementing, maintaining and integrating cutting-edge technologies to assess an application s security with static code analyzers (SAST), dynamic testing (DAST) tools, software composition scanners, Web Application Firewall (WAF) and bug bounty programs.
• Developer Education Keeps software engineers apprised of secure coding practices and builds strong rapport and respect with the ICE application development community via training sessions, one-on-one education, Intranet blogs and other opportunities.

Knowledge and Experience

Skills Required

Java, C++, .NET