Career Opportunities | Conexess

Lead Application Security Engineer (Penetration Testing)

Job Title: Lead Application Security Engineer (Penetration Testing)
Job ID: 27056405
Location: Cincinnati, OH 45202
Description

The Lead Application Security Engineer will be responsible for all aspects of management and maintenance within the Secure SDLC framework for a given CIO organization. This will include the training, processes, procedures and tooling of the application development lifecycle to verify that security is being “built-in” to the development of systems and software. This is a hands-on role and requires an application security professional who has a solid background in application development and current coding experience, combined with an understanding of Information Security and Secure Coding / Secure Software Development principles. This person takes responsibility and accountability for risk by openly exchanging ideas and opinions, elevating concerns, and personally following policies and procedures. The person achieves results by consistently identifying, assessing, managing, monitoring, and reporting risks of all types.

RESPONSIBILITIES:

  • Security testing within the scope of the SDLC (SAST, DAST, IAST, RASP, etc.)
  • Providing strong leadership and cross-functional / stakeholder communications
  • Mentoring of Security Champions within the IT LOB organizations
  • Assist with maintaining the Secure SDLC structure, which includes developer training, secure coding tools, security testing tools and vulnerability identification and tracking
  • Assist with the tracking and management of application vulnerabilities once detected through tool-assisted, manual, or third-party security testing
  • Assist with the construction of application security metrics (KRI/KPI), and the reporting of those metrics to help the organization understand the state of risk associated with outstanding vulnerabilities
  • Assist with the management and planning of the company’s annual external application penetration testing activities
  • Assist with the execution and results management of the company’s quarterly perimeter penetration testing activities
  • Assist with the review and selection of tools to manage application vulnerabilities and integration within the SDLC for defect tracking assigned to developers
  • Assist with the retesting efforts associated with vulnerability remediation
  • Evaluating new security trends and technologies
  • Making recommendations to strengthen the information security environment
  • Participating as a subject matter expert in the incident response program

REQUIRED SKILLS & KNOWLEDGE

  • 5 or more years of relevant experience
  • Experience working within a secure SDLC environment
  • Experience with application assessments (SAST and DAST)
  • Excellent communication skills as well as the ability to build effective relationships with business leaders and stakeholders
  • Strong collaboration, communication, problem solving, conceptual and analytical skills
  • Strong leadership skills and effectiveness as a change leader
  • Experience with KPI/KRI creation and metrics reporting
  • Able to work at a high level of autonomy in a dynamic environment
  • Experience with DevOps activities and integration preferred
