What will your day look like?

The Application Security Architect is responsible for validating that application services are designed and implemented with high security standards. This individual analyzes the security of applications in tandem with their underlying services, including connected dependencies such as middle-tier systems and databases. Additionally, the Application Security Engineer addresses legacy and emerging security issues, and implements repeatable secure development practices to reduce the introduction of program design flaws that may lead to exploitation. As issues are uncovered, the Application Security Engineer communicates with the appropriate technical and leadership teams to ensure a focus on risk mitigation – allowing for business continuity, but without negligent risk. The Application Security Engineer is constantly assessing applications for weaknesses and finding resolutions before they can be abused.

 

The incumbent is also responsible for assessing the security of applications for business-to-business initiatives, third-party relationships, outsourced solutions and vendors. Considered a highly knowledgeable individual, the Application Security Engineer is expected to recommend programmatic controls, and monitor and manage secure development practices to address modern day issues. Direction is received from the Sr Manager, Application Security.

Responsibilities

Do you see yourself doing this?

 

  • Perform vulnerability and penetration testing.
  • Document security findings along with reasonable methods to secure them.
  • Focus on automation to aid in efficiencies with both testing and remediation of findings.
  • Work in tandem with developers to provide repetitive validation testing prior to production while allowing for a continuous cycle of development followed by application security assessments.
  • Regularly monitor the security community for public-facing security issues, as well as to learn new tactics that can be used in testing.
  • Attend and participate in application projects and change management committees. This includes interacting with business units and technical teams to understand what is coming and how their projects can be more secure from the beginning.
  • Fully define and follow a security review process to ensure an automated and repeatable process is managed. This can be through the use of dynamic and static code analysis resources.
  • Use security standards and implementation configurations, as well as common security frameworks. Prepare for and manage bug bounty programs. Document delivery and implementation advances that meet defined service-level agreements (SLAs) and business metrics. Align with architects and development teams for a mission of secure design.
  • Train developers and junior application security engineers on secure coding practices.
  • Actively participate in and lead security team meetings that facilitate secure design.
  • Engage closely in information security projects that evaluate existing security infrastructure and propose changes as defined by security leadership and architects. Additionally, deliver projects on time, within budget and in accordance with SLAs.
  • Focus on application security that observes compliance – Health Insurance Portability and Accountability Act (HIPAA), Gramm-Leach-Bliley Act (GLBA), Payment Card Industry (PCI), Sarbanes-Oxley Act (SOX), etc. – and privacy laws.
  • Work in tandem with architects, the security operations center (SOC), incident responders (when anomalous activity and host compromise occur), and technology infrastructure and development team members.
  • Respond to and handle service and escalation tickets within SLA expectations.
  • Develop security test plans from the architectural design. Identify deficiencies and make enhancements to ensure production is not impacted.
  • Drive security efficiencies, enabling security team members to work on more advanced tasks.
  • Conduct performance testing to stress the limitations of security solutions while ensuring business innovation and day-to-day processes are not negatively impacted.
  • Perform other duties as assigned.

Qualifications

What makes you a great fit?

You’ll be a great fit if, in addition to a Bachelor’s degree in Computer Science or a related field (preferred), you have:

 

  • At least 3 years’ experience in cybersecurity, including compliance and risk management with an application development and/or network security engineering background.
  • Highly technical and analytical experience, with a proven deep background in application programming (3+ years preferred, in addition to cybersecurity experience). Experience in threat modeling applications.
  • Vulnerability and penetration-testing skills.
  • Excellence in communicating business risk from cybersecurity issues.
  • Proficiency in software development (.Net, Java, Python, C++, Ruby, etc.).
  • Solid understanding of network and web protocols.
  • Experience with security of intra-company and third-party APIs.
  • Experience with dynamic and static analysis tools.
  • Track record of acting with integrity, taking pride in work, seeking to excel, being curious and adaptable, and communicating effectively.
  • Experience with applications hosted in Amazon Web Services (AWS) or Microsoft Azure.
  • Experience with cryptography controls and measures to secure applications and data.
  • DevOps background in public and private clouds.
  • Experience with one or more of the following: ISO 27001, NIST, PCI Data Security Standard (PCI DSS), SOX, the General Data Protection Regulation (GDPR), Center for Internet Security (CIS) standards or Service Organization Controls (SOC) 2.
  • Working knowledge of Windows, Linux and Unix.
  • Familiarity with state privacy laws.
  • Highly trustworthy; leads by example.
  • Relevant security certifications (GWAPT, CISSP, OSCP, or other similar certs).

 

When you’re happy, we’re happy!

As a thank you for joining our team, you’ll benefit from:

 

  • Competitive medical, dental, and free vision benefits
  • Competitive compensation plan
  • Contributions towards gym memberships
  • Generous PTO and banking holidays off

 
