Senior Application Security Engineer (AWS) 100% REMOTE from AMS Staffing, Inc.

Please send resume in Word format if you are interested in this Senior Application Security Engineer opening near Itasca, IL 60143. Salary for this role is $140K-$170K + 15% Bonus & EXCELLENT BENEFITS (open vacation policy, paid maternity/paternity, 401K, etc)!!!!!!!

STRONG APP SECURITY; AWS SECURITY PREFERRED 100% REMOTE

Looking for strong AWS Cloud and Application Security experience. 30-40% of the job will be spent on application security/counter activities, 30% on Cloud (AWS) and 20-30% on security program operations. Offensive security certifications and AWS certifications are nice to have, but not required.

If you are not interested, please forward to your network.  AMS Staffing offers referral fees should they be hired. 

Job Title: AWS Cloud and Application Security

Location: Itasca, IL 60143

Salary: $140K-$170K + 15% Bonus & EXCELLENT BENEFITS

Term: Permanent / Full-Time Role

Apply (here):

https://loxo.co/job/500250?t=1604930596604

Please reply with an updated resume in Microsoft Word format

JOB DESCRIPTION

Senior Application Security Engineer plays a critical role in completing our mission every day by ensuring that client maintain and deploy new software/systems in a secure manner to reduce information security risks. The Sr Security Engineer take charge of the selection and deployment of world-class cyber security technologies with focus on Secure SDLC & Cloud Security. Acts as the evangelist for cyber security throughout Information Technology, consulting with the application development and infrastructure team on secure systems and applications design.

Key Responsibilities

Secure Development: Build strong relationships and be deeply embedded within product management and software engineering team. The Senior Security Engineer will drive the design and adoption of secure software development lifecycle practices across the areas of secure architecture and design, secure coding, security testing, and secure software release management.

Cloud Security: Build a secure cloud environment and help drive the adoption of secure deployment practices in Amazon Web Services Cloud.

Penetration Testing: Strong knowledge of network and web application exploitation, ethical hacking, penetration testing, computer forensics and tool development. Configures, schedules, manages and reviews internal and external network and application vulnerability scans and penetration tests. Monitors and reviews industry related vulnerabilities reviewing findings with appropriate teams, creating remediation plans and tracks and reports on progress

Infrastructure Security: Works closely with the Infrastructure and Application Development teams to ensure proper configurations are implemented and tested on WAF, FW, IDS/IPS and platform

Incident & Cyber Threat Management: Works with the appropriate teams to ensure all appropriate data is aggregated into the logging and monitoring tool and that the appropriate reports are produced and reviewed.

Competencies for Success: Cultivates Innovation, Competencies for Success, Cultivates Innovation, Decision Quality, Communicates Effectively, Manages Complexity

Measures of Success: Delivery on information security roadmap and projects, Number of vulnerabilities and issues, Secure SDLC

Education and Experience:

• Bachelor's in Computer Science or Information Security, 5 to 10 years of experience working in technology and development with a specialty in security in a complex environment, focusing on protection of intellectual property and sensitive data.
• Experience with static, dynamic and interactive application security testing platforms. (SAST/DAST/IAST)
  Experience with web application security best practices (e.g. OWASP, CWE/SANS)
• Cloud Security experience (AWS, O365)
• Strong knowledge of network and web application exploitation, ethical hacking, penetration testing, computer forensics and tool development
• Strong knowledge of vulnerability assessment, scanning (Rapid7, Qualys, Tenable)
• Experience creating and maintaining security policies and standards
• Working knowledge of security best practices and standards such as ISO27001, ISO27002, PCI-DSS, NIST
• Ability to effectively manage multiple concurrent priorities and meet deadlines within a dynamic, fast-paced and challenging environment
• Strong interpersonal and communication skills
• Demonstrate the ability to clearly articulate complex technical scenarios to a non-technical audience