Applications Security Engineer


CareFirst


Posted Under: Washington, DC jobs in Engineering; Engineering jobs in zipcode 20599
Posted On: 2021-02-23

Resp & Qualifications

PRINCIPAL ACCOUNTABILITIES:
Reporting to the Manager, Applications Security, the Senior Information Security Specialist is accountable for a variety of tasks and deliverables, as listed below.

SUPPORT:
To drive integrating security seamlessly into the software development lifecycle, the Lead Application Security Engineer will serve as a technical subject matter expert working with technical teams. This individual will collaborate with teams and vendors to determine security requirements and support all phases of integration, operations, and maintenance to ensure a secure software environment. They will be able to work independently or in a team environment.

DEVELOPMENT:
- Provide subject matter expertise on secure coding practices and security design based on current knowledge of security threats and vulnerabilities that could impact the technology stack.
- Support definition of a Secure SDLC standard to include security architecture, design and coding requirements for infrastructure, application, and data, to align with the application security maturity model and adopt a shift-left approach for security.
- Evaluate various application security tools including SAST, DAST, SCA, IAST, and Pen Testing, and operationalize security tools for integration with CI/CD.
- Explain and interpret the vulnerability report items to development staff.
- Perform application testing and review security test results from scans and penetration testing to identify viable vulnerabilities that may be exploited, and propose remediation solutions or mitigation controls.
- Develop security controls and processes for products and services developed and deployed for both on-prem and cloud environments.
- Perform threat modeling, conduct security architecture reviews, and provide training to architects and developers to enhance adoption of secure coding practice within the product development lifecycle.
- Provide security-related coaching and expertise to drive and elevate security expertise within the development teams.
- Lead security innovation and best practices in product development through collaboration and learning from industry professionals and consortiums.

This position is also subject to being "on call" for emergency situations requiring immediate resolution.

QUALIFICATION REQUIREMENTS:
- Bachelor's degree in an IT-related field, or the equivalent combination of education, training, or experience
- 4 plus years of experience in the field of cybersecurity and application security
- Expert knowledge in security best practices, principles, and commonly used security frameworks such as OWASP, NIST and HIPAA
- Experience in software coding/development including Java, Python, .Net, and scripting languages
- Knowledge of secure architecture and design patterns for Web, Mobile and Microservices
- Knowledge of current and emerging threats and techniques for exploiting security vulnerabilities
- Experience securing cloud, application infrastructure and applications
- Experience with methodologies and security testing tools for threat analysis of complex applications and services, including threat modeling, static and dynamic analysis, and penetration testing
- Advanced organizational, planning and time management skills
- Advanced communication, presentation, and analytical skills

Preferred:
CISSP, CISM or other related Information Security certifications

Equal Employment Opportunity
CareFirst BlueCross BlueShield is an Equal Opportunity (EEO) employer. It is the policy of the Company to provide equal employment opportunities to all qualified applicants without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, protected veteran or disabled status, or genetic information.

Hire Range Disclaimer
Actual salary will be based on relevant job experience and work history.

Where To Apply
Please visit our website to apply:

Closing Date
Please apply before: 3/26/2021

Federal Disc/Physical Demand
Note: The incumbent is required to immediately disclose any debarment, exclusion, or other event that makes him/her ineligible to perform work directly or indirectly on Federal health care programs.

PHYSICAL DEMANDS:
The associate is primarily seated while performing the duties of the position. Occasional walking or standing is required. The hands are regularly used to write, type, key and handle or feel small controls and objects. The associate must frequently talk and hear. Weights up to 25 pounds are occasionally lifted.

Sponsorship in US
Must be eligible to work in the U.S. without Sponsorship.

Provided by Dice
