Application Security Engineer II 31 views
- Salary Offer Commensurate with Experience
- Experience Level Mid-Level
- Total Years Experience 3-5
- Education 4-year degree
Hands-on role partnering with application development to strengthen application security best practices within the agile SDLC. Review security findings within existing code to identify vulnerabilities and provide recommendations to mitigate the risk to Paychex. Ensures application security controls in place are adequate or identify those that require improvement. Train developers in secure coding best practices, security testing tools and techniques.
- Collaborate with application development to address security risks and provide mitigation recommendations to align application security best practices within the agile SDLC, based on OWASP Top 10.
- Creation and refinement of rules for SAST and DAST security tools.
- Capability to analyze multiple instances of vulnerability patterns that can be traced to single root causes to eliminate existing risks within software applications.
- Collaborate with Penetration Testers to identify pervasive issues within an application or common trends throughout multiple applications.
- Validation of security controls to adhere with industry best practice and compliance requirements, including OWASP Top 10 and OWASP Application Security Verification Standard.
- Develop and coordinate the testing and deployment of rules for web application firewalls.
- Acts as an application security resource throughout the company, training developers on security tools and techniques.
- Bachelor’s degree in Information Security, Software Development or another related technical discipline.
- 5 years of experience in Information Security, Cyber Security is preferred.
- CISSP, SANS GIAC, or CEH is preferred.