Application Security Engineer

Job Summary

**Hybrid work - Incumbent must work three days each week in the Omaha, NE office**

We are seeking an Application Security Engineer who will serve as a member of a highly collaborative team to partner with technology teams, respective engineers and business units to develop and promote an integrated and mature culture of secure software development practices. Identify common areas of risk related to secure development practices and engineer solutions, strategies and processes to mitigate the risk across the entire application life cycle. Evaluate applications and code to ensure industry best practices for secure application development are being utilized and create guidance to assist teams in adhering to best practices. Bring awareness to an evolving security posture through measurement and reporting of identified risk and accomplishments of secure development best practices.

Essential Duties & Responsibilities

• Security Guidance and Process
  • Work with security team, developers and technology engineers to implement and evolve security guidance and practices as it relates to the development of web-based applications and services on leading platforms.
  • Encourage Secure Development Lifecycle practices and tooling to measure and assist with compliance to the established security guidance.
• Security Testing and Reviews
  • Develop and maintain varying levels of security testing and review processes applicable to software development practices, technology footprint and various risk factors. These processes include (but is not limited to) the following:
    • Penetration testing
    • Application Security Testing (AST)
    • Secure code reviews
    • Threat Modeling
• Application Security Maturity Model and Tooling
  • Collaborate with the application security team to measure, develop and advance the enterprise software security maturity model.
  • Identify and evaluate products and tools that can enhance the maturity of application security. Support new and existing application security products and tools to keep them functioning effectively. Guide development teams through the adoption and usage of implemented application security products and tools.
• Secure Development Practices
  • Lead efforts with the application security team to assess, engineer and support secure code frameworks that can be shared across teams to implement common security practices such as encryption, authentication, and authorization.
• Security Training
  • Identify and/or provide secure software development training opportunities to applications development team members. Training should include awareness of OWASP vulnerabilities and related mitigation steps.
• Continuous Integration and Deployment
  • Provide support and validation of secure development practices as part of a continuous integration (CI/CD) and SDLC processes.
  • Provide support for information security activities and contribute to broader security strategies.

Education Requirements

Bachelor's Degree Minimum in Computer Science, Cyber-Security, Information Systems or related degree required.

Years of Experience

• 4 + years of experience in Software development/engineering in an agile environment