Lead Application Security Engineer

Company: Athena Health
Location: Massachusetts, USA
Salary: Not Provided
Type: Full-Time
Degrees: Bachelor’s
Experience Level: Mid Level, Senior

Requirements

  • Bachelor’s degree in Computer Science, Computer Engineering, Cyber Security or similar or equivalent experience
  • At least 3 years’ experience as a software developer and 3-5 years in a security-focused development role in an agile development environment
  • Experience in software and product design and architecture, product security, and security issue prevention and mitigation strategies
  • Strong knowledge of programming languages – Java, JavaScript (NodeJS), C#, Perl, Python, etc.
  • Practical experience with Docker and Terraform
  • Knowledge of key security technologies like OAuth, SAML, etc.
  • Solid understanding of the web services world, including RESTful services, Service Bus architectures, JSON, etc.
  • Experience with Static and Dynamic Code Analysis tools such as Veracode, Checkmarx, AppSpider, HP Fortify, HP WebInspect, IBM AppScan, Coverity, etc.
  • Current knowledge of HIPAA, HITRUST, PCI-DSS requirements

Responsibilities

  • Responsible for socializing and driving the execution of key security best practices across the R&D organization
  • Contribute to the enterprise security catalog of best practices, techniques and patterns that enable secure implementation of features in products and product families
  • Ensure the organization’s effective use of application security tools (SAST, DAST, SCA, API active testing), integrating them into a unified pipeline where relevant, with the goal of preventing vulnerabilities from being introduced into product features during the development lifecycle
  • Identify and explain feature level design or architectural weaknesses which could result in security issues
  • Partner with key stakeholders including enterprise security leadership to track and prioritize open issues and follow up on resolution
  • Work with key stakeholders such as DevOps and Infrastructure to build security-hardened tech stacks for development and production
  • Document, share, and help automate coverage for common abuse cases and attacks

Preferred Qualifications

    No preferred qualifications provided.