Application Cyber Security Engineer
United States (Hybrid) · Contract
- Experience: Any
- Salary: —
- Openings: 1
- Posted: 3 hours ago
- Work mode: Hybrid
- Eligibility: Professionals with experience in application security, DevSecOps, AWS cloud security, and related cybersecurity engineering work may apply. Candidates with health insurance industry experience are preferred. The role requires monthly onsite attendance in Reston, VA as part of a hybrid arrangement.
- Resume: Required to apply
Job Description
Job Summary
This role centers on application security engineering, with an emphasis on protecting software rather than infrastructure. The position supports DevSecOps and DevOps efforts, along with AWS cloud security and cloud migration work.
Key Responsibilities
- Design, build, and roll out application security controls and solutions.
- Engineer, administer, and support secure systems and security tools.
- Contribute to security planning that aligns with business and organizational goals.
- Advise leadership on cybersecurity policies, procedures, and operating practices.
- Provide hands-on engineering and administration for specialized cybersecurity platforms.
- Investigate and resolve complex issues related to security software setup, operation, and configuration.
- Spot and manage conflicts that may arise during security solution deployment.
- Review system logs to identify irregularities in performance or security behavior.
- Partner with architects and project managers to define security needs and requirements.
- Perform security assessments using SAST, DAST, IAST, SCA, manual penetration testing, secure code review, and threat modeling.
- Help maintain secure SDLC practices and address application vulnerabilities.
- Protect cloud environments, especially AWS, using cloud-native security tools such as Wiz and CrowdStrike.
- Apply Kubernetes and container security practices, including Amazon EKS, pod security, RBAC, and container hardening.
- Align security controls to standards and frameworks such as NIST, ISO 27001, SOC 2, CIS Benchmarks, and MITRE ATT&CK.
- Embed security into CI/CD and DevOps pipelines, including artifact handling and secret protection.
- Work closely with development teams to explain findings and verify remediation steps.
- Implement security for infrastructure-as-code and policy-as-code using Terraform, Helm, CloudFormation, and Rego/OPA.
- Communicate technical risks and recommendations to both technical and non-technical audiences.
Requirements
- Experience in application security engineering with a focus on software security.
- Background supporting DevSecOps, DevOps, AWS cloud security, and cloud migration efforts.
- Ability to architect and administer secure systems and related cybersecurity technologies.
- Practical knowledge of security testing methods such as SAST, DAST, IAST, SCA, penetration testing, secure code review, and threat modeling.
- Strong understanding of secure SDLC and vulnerability management.
- Experience securing AWS and working with cloud security platforms.
- Hands-on knowledge of Kubernetes and container security concepts.
- Familiarity with security frameworks and control mapping, including NIST, ISO 27001, SOC 2, CIS Benchmarks, and MITRE ATT&CK.
- Ability to integrate security into CI/CD and DevOps toolchains.
- Knowledge of infrastructure-as-code and policy-as-code security practices.
- Strong troubleshooting skills for security software and complex technical issues.
- Excellent written and verbal communication skills.
- Preferred background with health insurance customers and AWS cloud security.
- A relevant cybersecurity certification such as CISSP, CISM, CEH, or CISA must be maintained or obtained.
- Monthly onsite presence in Reston, Virginia is required as part of a hybrid work arrangement.
Additional Information
This is a hybrid contract role in the United States. The onsite expectation is monthly in Reston, VA. The position emphasizes application-level security rather than infrastructure security.
Preferred Experience
Experience working with health insurance customers is preferred, along with strong AWS cloud security exposure.
Certifications
The role calls for maintaining or obtaining one or more relevant cybersecurity certifications, such as CISSP, CISM, CEH, or CISA.
Communication Expectations
The engineer must be able to clearly present technical risks, explain security findings to development teams, and tailor recommendations for both technical and non-technical stakeholders.