Application Security Engineer - Remote
Company: Ryder
Location: Saint Paul
Posted on: April 28, 2024
Job Description:
_Job seekers can review the Job Applicant Privacy Policy at
https://ryder.com/job-applicant-privacy-policy._
SUMMARY
We seek a highly motivated and experienced Application Security
Engineer to join our growing security team. This role is highly
technical and candidates must possess a solid understanding of the
security and privacy of our company's applications and data.
The Application Security Engineer must understand development,
coding, security engineering, and secure systems configurations.
This position ensures that every step of the software development
lifecycle (SDLC) follows security best practices. This involves
conducting security assessments with SAST and DAST tools, reading
source code, threat modeling, and designing and implementing secure
software development practices. They will determine where security
vulnerabilities exist and implement fixes. They must understand how
an application may be misused and exploited. The Application
Security Engineer will collaborate with software development teams
and provide guidance on best practices for secure coding. They will
also stay up to date on the latest security trends and technologies
and integrate them into the organization's security strategy. The
ideal candidate will have strong analytical and problem-solving
skills, as well as experience in application security and knowledge
of programming languages and web technologies. A Bachelor's degree
in Computer Science and certifications such as CISSP, OSCP, or CASE
are preferred.
ESSENTIAL FUNCTIONS
Conduct security assessments that require expertise in our
organization's applications using both Static Application Security
Testing (SAST) and Dynamic Application Security Testing (DAST)
methodologies.
Collaborate with software development teams to integrate security
into the development life cycle.
Conduct security assessments of web, mobile, and other
applications. Analyze security assessment results to identify
security vulnerabilities and provide guidance on remediation.
Design and implement secure software development practices,
including threat modeling, secure coding standards, and code
review.
Stay current with security threats, trends, and technologies, and
recommend new security controls as needed.
Conduct application security investigations and provide
recommendations to mitigate risk.
Maintain security documentation, provide subject matter expertise,
and collaborate on security policies, procedures, and
standards.
ADDITIONAL RESPONSIBILITIES
EDUCATION
EXPERIENCE
Five (5) years or more experience with OWASP, SAST, DAST, SCA, RASP
and common security tools, required.
Seven (7) years or more experience in application security, security
engineering, software development, or a related field, required.
Five (5) years or more strong understanding of web application
security and common attack vectors (e.g. SQL injection, XSS,
CSRF), required.
Five (5) years or more experience with secure coding practices,
threat modeling, and secure software development life cycle (SDLC)
methodologies, required.
Five (5) years or more proven experience in diagnosing, isolating,
and resolving complex issues and recommending/implementing
strategies to resolve problems, required.
Five (5) years or more demonstrated experience with systems
integration processes, methodology and tools, required.
Seven (7) years or more development and scripting experience,
required.
Five (5) years or more in a professional application security role,
required.
Five (5) years or more experience with API and Web Security,
required.
Three (3) years or more experience with WAF or similar application
security infrastructure, preferred.
Seven (7) years or more experience in integrating security in
CI/CD, DevOps, required.
Six (6) years or more experience in process or operation
management.
Six (6) years or more experience with Value Stream Mapping,
Continuous Flow, Pull Replenishment and other process improvement
methods.
SKILLS
Excellent communication skills, both verbal and written, and the
ability to work effectively with cross-functional teams.
Ability to create and maintain professional relationships within
all levels of the organization (peers, work groups, customers,
supervisors).
Ability to work independently and as a member of a team.
Flexible and self-driven, able to operate and excel in a fast-paced
environment.
Capable of multi-tasking, highly organized, with excellent time
management skills.
Proficiency in at least one programming language (e.g. Python,
.NET, JavaScript), with .NET preferred, advanced, required.
Proficiency in at least one common scripting language (e.g.
PowerShell, bash, etc.), advanced, required.
Familiarity with the NIST framework, PCI, ISO 27001, SOC, SOX, CCPA,
GDPR and global regulations, expert, required.
CI/CD experience with Azure DevOps, Terraform or other automation
and integration technologies, expert, required.
Risk management findings, vulnerability prioritization, threat
modeling, and mitigation strategy, advanced, required.
LICENSES
TRAVEL
1-10%
Applicants from California, Colorado, Hawaii, New Jersey, New York
City, and Washington:
Salary is determined based on internal equity; internal salary
ranges; market data/ranges; applicant's skills; prior relevant
experience; certain degrees or certifications, etc.
The salary for this position ranges from $120,000.00 to
$150,000.00. Employees may also be eligible to receive an annual
bonus, as applicable.
Ryder offers comprehensive health and welfare benefits, to include
medical, prescription, dental, vision, life insurance and disability
insurance options, as well as paid time off for vacation, illness,
bereavement, family and parental leave, and a tax advantaged 401(k)
retirement savings plan.
Job Category: Information Security
Ryder is proud to be an Equal Opportunity Employer and Drug Free
workplace. All qualified applicants will receive consideration for
employment without regard to race, religion, color, national
origin, sex, sexual orientation, gender identity, age, status as a
protected veteran, among other things, or status as a qualified
individual with disability.
Current Employees:
If you are a current employee at Ryder (not a Contractor or
temporary employee through a staffing agency), please click here
(http://wd5.myworkday.com/ryder/d/task/1422$3.htmld) to log in to
Workday to apply using the internal application process.
Keywords: Ryder, Eagan, Application Security Engineer - Remote, Engineering, Saint Paul, Minnesota