Application Security Engineer
Job Description Summary
As a member of the Information Security team, you provide the technical expertise required to perform application security assessments. Working closely with different teams, the Application Security Engineer ensures that both internally developed applications and third-party vendor applications are implemented in a manner that assures the proper security protections. You will be tasked with staying one step ahead of the hackers in helping us fortify our web applications that sit atop some of our most sensitive information.
In addition, you will be responsible for the development and maintenance of security platforms including SailPoint Identity Management, web application firewalls, code inspection tooling, and penetration testing.
Job Duties
- Performs static/dynamic code testing, manual code inspection, threat modeling, design reviews and penetration testing of internal web applications and external partner applications to identify vulnerabilities and security defects.
- Supports the implementation and enforcement of secure design principles according to policies, standards, and patterns of Information Security.
- Works closely with feature teams early on in the design phase to ensure systems are built securely.
- Provides subject matter expertise and mentorship on architecture, authentication, and system security.
- Develops and implements manual and automated security testing of web applications to enforce security standards.
- Works with security product vendors and service providers to evaluate their security offerings.
- Maintains the SailPoint Identity Management system, database firewall systems, and other application-oriented security tooling.
- Excellent written and verbal communication skills.
- Strong analytical capabilities and a desire to learn new things.
Qualifications
- 2-5 years of experience in performing penetration testing, secure code review, static, dynamic and manual source code review.
- Experience with enterprise web application security technologies.
- Experience with security tooling including automating tasks.
- Technical knowledge in security engineering, system and network security, authentication and security protocols, cryptography, and application security.
- Knowledge of web application security vulnerabilities and remediation techniques.
- Knowledge of network and web-related protocols (e.g., TCP/IP, UDP, IPsec, HTTP, HTTPS, routing protocols).
- Developed a proven penetration testing methodology.
- Experience in identifying and remediating common web application vulnerabilities such as OWASP Top 10.
- Extensive knowledge of internet security issues and the threat landscape.
- Proficiency with HTML, JavaScript, Java, Spring MVC, and Structured query languages.
- Experience with Wireshark, Firebug, or other request inspection/manipulation tools.
- Expertise with an interpreted programming language (PHP, Python, Perl, Ruby, etc.).
- Expert knowledge of HTTP request construction and manipulation.
- Intimate knowledge of database platform security (SQL / NoSQL).
- Creative, problem-solving approach to projects.
Disciplines / Specializations Preferred:
- CEH, GWAPT, CISSP, or any other security-related certification.
- B.S. or M.S. Computer Science or related field, or equivalent experience.
- Experience working with firewalls and intrusion detection systems.
- Actively disclosing vulnerabilities in responsible disclosure security programs.
- Examples of detailed published reports of discovered vulnerabilities.
- Vulnerability identification automation experience.
- The Security Engineer is responsible for security compliance and analysis across multiple systems and hardware platforms.
Why Choose CCC
We promote a healthy work-life balance and offer generous benefit plans and resources designed with employee satisfaction in mind.
What we value is simple - customers, employee commitment, collaboration and clear communication.
We hire people who will embrace the company’s goals and productively contribute in ways that help us serve the customer, innovate, and stay strong.
We make it a priority to keep employees healthy, happy and enriched.
- Healthy – Wellness programs and Perkspot/employee discount program
- Happy – Recognition programs, a confidential employee assistance program, and flexible work arrangements such as staggered start times
- Enriched – Tuition reimbursement, training and learning programs, and leadership development opportunities
Our corporate headquarters is located in downtown Chicago within the historic Merchandise Mart—a certified LEED (Leadership in Energy and Environmental Design) building.
CCC Information Services was ranked #17 in the Top 100 Digital Companies in Chicago in 2017 by Built In Chicago, an online community for digital technology entrepreneurs in Chicago.
CCC is a great place to work. Join us!