Position Details:

CSG International is hiring a Senior Application Security Engineer to promote and evaluate application security throughout the development lifecycle. This person will join a cross organizational software security team and work closely with product and software development teams to ensure CSG delivers secure and compliant products and solutions. The successful candidate will be passionate to learn and share, and work well in a fast-paced collaborative environment.

Did you know that CSG offers unlimited vacation time, market competitive benefits, 4% match on 401K, ownership opportunities (employee stock purchase plan) and competitive pay, among others? You will work for one of the best company cultures out there and make meaningful contribution to our team!

What you will do:

• Consult with development teams on systems architecture and design security
• Conduct vulnerability and application penetration testing and static code scanning to evaluate potential security weaknesses and manage resulting issues requiring remediation
• Mentor software development teams in remediation of identified security weaknesses
• Review and evaluate the security impact of proposed changes to software systems
• Threat model application architecture, identify required control points in the application, and provide software and solutions design direction
• Research and stay abreast of the latest threats
• Evangelize security and secure development practices
• Verify applications are developed and maintained in line with data security policies
• Participate in responding to security audits and regulatory assessments
• Make recommendations for enhancements to security tools and practices, and for new security tools and practices

Qualifications:

• Bachelor's Degree in Computer Science, Information Security, or related field
• 7 years of software development experience including 3 years of C# and/or Java development experience
• 3 years of defensive application security experience
• 3 years of experience with software security assessment using static code analyzers, application penetration tools, and attack surface analysis and threat models
• Deep understanding of application security vulnerabilities including the OWASP top ten, and how to prevent and mitigate them
• Solid knowledge of Internet and Mobile technologies and architectures
• Ability to coach developers and product management at all levels in improving product security
• Strong understanding of network technology and protocols (TCP/IP, VPNs, Firewalls, IPS, IDS, and DNS)

Highly Desirable skills:

• CISSP certification
• Understanding of regulatory requirements and compliance and their impact on software development, including PCI DSS, HIPAA, SOX
• Additional security industry certification (OSCP, GSSP, CEH, CPT)
• Knowledge of PKI architectures and implementation
• Understanding of network technology and protocols (TCP/IP, VPNs, Firewalls, IPS, IDS, and DNS)
• Understanding of cloud architectures and how they impact application security
• Knowledge of industry secure development frameworks such as Microsoft SDL or OpenSAMM
• Experience developing software on an agile team (XP, Scrum, TDD, etc.)

As a CSG employee, your contributions to our success are a big advantage to the company and we believe you deserve to have a valuable selection of benefits, competitive pay and total rewards in return.  Our benefits offer some important “must haves” plus valuable programs that let you customize your coverage to fit your needs, today and tomorrow.  Our multiple recognition programs are yet another way we recognize one another for the contributions, team work, dedication, innovation and accomplishments that have enabled our growth for more than 25 years.