Application Security Job Description
Application Security Duties & Responsibilities
To write an effective application security job description, begin by listing detailed duties, responsibilities and expectations. We have included application security job description templates that you can modify and use.
Sample responsibilities for this position include:
Application Security Qualifications
Qualifications for a job description may include education, certification, and experience.
Licensing or Certifications for Application Security
List any licenses or certifications required by the position: CISSP, GWAPT, OSCP, CEH, CISM, GIAC, CISA, GSSP, CRISC, OSWE
Education for Application Security
Typically a job would require a certain level of education.
Employers hiring for an application security role most commonly prefer candidates with a relevant degree, such as a Bachelor's and Master's degree in Computer Science, Engineering, Information Systems, Information Security, Education, Technical, Computer Engineering, Information Technology, Business, Cyber Security.
Skills for Application Security
Desired skills for application security include:
Desired experience for application security includes:
Application Security Examples
Application Security Job Description
- Govern the program across the line of business covering static, dynamic, open source, mobile scanning, and binary scanning efforts
- You will lead the design, implementation, operation, and maintenance of the Information Secure Code Development including many aspects, for example, certification to various standards: ISO/IEC 27001, PCI, HIPAA, GDPR
- Collaborate with other IRM teams and professionals including the VP Operational Risk Management, the Divisional Information Risk Officer and Audit Services
- Contribute and shape divisional and global IRM projects and initiatives
- SAP and SFDC Security Administration
- Defines and develops security test strategies for small-medium projects
- May lead a small team
- Work closely with developers and project teams
- Complete risk and secure code reviews + security threat modelling
- Establish a strong partnership with application development teams to understand business needs and develop appropriate application security controls
- Proficiency with HTML, JavaScript, Java, Spring MVC, and Structured query languages
- Experience in applying TDD principles to security
- Experience with identity management platforms and applying authentication/authorisation protocols like SAML and OAuth to REST services
- Proven experience as a technical architect through all tiers (network, storage, backup, server, middleware and web/application) with the ability to understand security best practices and implications across all tiers
- CISSP and/or CSSLP required
- Eight plus years of combined IT and security work experience including infrastructure, systems, vulnerability testing, audit, or secure application software development
Application Security Job Description
- Assist code reviews and open source software evaluations
- Empower delivery team resources by promoting application security awareness and standards through training, hackathons, mentoring and vulnerability demos
- Definition and enforcement of application security policies
- Perform manual assessments of applications, both dynamically and statically, produce reports, open tickets in Engineering work tracking systems
- Operate and maintain application security tools, such as static application security testing (SAST) and dynamic application security testing (DAST) tools
- Develop tools and scripts to enhance and automate Client's security systems and processes
- Enhance and deliver application security training to Client engineers
- Troubleshoot any operational issues and engage product support as needed
- Communicates and contributes to security standards and policies
- Interfaces with internal and external contributing organizations
- Experience with Web services and App servers, Apache, Tomcat, JBoss, WebSphere
- Related security certification (CISSP)
- Micro-service/Service-Oriented Architectures (SOA)
- Reactive and Isomorphic Web Applications
- Node.js, Scala, Java, Perl or .NET Programming
- Hands-on experience with Static Code Analysis tools
Application Security Job Description
- Providing development, infrastructure and data source administration services for security processes and applications across the enterprise with a focus on SaaS to ease the adoption from the business units
- Data lake development and engineering to establish and maintain an accounting and inventory of all identities, applications, systems, data sources and network elements across the enterprise including the access provisioned
- Assisting with proof-of-concept implementations to test and assess off-the-shelf and home-grown technologies established within the enterprise to address compliance with SOX, PCI, HIPAA and internal corporate policy
- Supporting and consulting with other infrastructure and development teams to assist the business units with implementing sound and secure SDLC practices along with coding, data engineering and security services integration / automation
- Ten or more years of combined experience in IT, application development and support, and cyber security with highly scalable online transactional systems
- Specific experience in managing access to critical systems and automation of provisioning processes and application development at a large and complex Fortune 100 company
- Strong communication and presentation skills along with the ability to handle multiple priorities and high stress situations
- Assist and drive the expanding Global Application Security program
- Partner with Tech Leads and Quality Leads to provide risk mitigation suggestions with clear and detailed information
- Work effectively as a leader in this space to function as a technical liaison between development teams and external security consultant
- Must be willing to work in our DTH facility full-time
- A university degree or a bachelor's in information technology
- At least 3 years of experience in Application Support (ITIL)
- Fluent in English, optionally know French and/or Dutch
- Professional certifications or designations in software development and/or architectural frameworks, IT security, IT auditing, or risk analysis a plus, but not a requirement
- Demonstrable and detailed understanding of cryptography, network security, operating systems, and application security
Application Security Job Description
- Be able to partner with teams such as web & mobile application developers, vendors, analysts, and business clients
- Participate in projects as a functional security resource
- Manages Information Security staff in identifying, developing, implementing and maintaining information security processes across the organization to reduce risks, respond to incidents and limit exposure to liability to ensure reduced financial loss to the organization
- Develops and implements secure code practices program which includes threat modeling and automated application scanning
- Implements tools and strategies to ensure the successful implementation of the Application Security Program
- Collaborates with clients and Client Management to establish client confidence in FIS’s information security program
- Serve as Application Security Lead
- Implement security coding techniques
- Conduct application penetration and review
- Provide education and awareness
- Work experience in application security or penetration testing
- Unlimited paid vacation days
- Requires Bachelor’s degree in Computer Science or Computer Engineering or equivalent experience
- Have a basic understanding of common software vulnerabilities / application security concepts
- A strong passion for application security and ready to adapt and learn new tools and concepts at a very fast pace
- Sound understanding of application security concepts, testing methodologies, risk rating and awareness of the current industry standards in this area
Application Security Job Description
- Provide guidance for internal software development
- Provide guidance on security best practices and compliance
- Identify threats and build security protection within the design of SIE’s products and services
- Perform hands-on guidance during the SDLC to proactively discover risks and track them to resolution
- Perform threat analysis and define the requirement to mitigate a risk based on the threat
- Leading includes ensuring effective communication with other engineers, consultants and leadership in order to provide the above and other duties that might be required as a team
- Perform periodic vulnerability assessments, security audits and provide reports to management for review and corrective action
- Maintain, develop, and review new and existing application related security metrics
- Design, develop and improve the Key Performance Indicators (KPIs) that lead to firm-wide reporting of the "IT Security Posture"
- Track security vulnerabilities and follow up with responsible teams for remediation and closure of identified vulnerabilities
- Demonstrable ability to read, understand, and correctly explain source code in at least three languages chosen from the set {C, Java, Python, Scala, Clojure, JavaScript, Ruby}
- Familiarity with Rugged DevOps best practices
- Proficient knowledge and in-depth understanding of how business and technical processes integrate
- Experience with PCI, HIPAA and PII related regulatory requirements
- BS or MS degree in Computer Science, Computer Engineering, Electrical Engineering, or equivalent technology experience
- Well-rounded background in application, network and host security