Application Security Engineer
Dublin, CA


Job Description

Application Security Engineer

JOB SUMMARY

The Application Security Engineer is part of the Information Security team, which provides support services for servers, SaaS services, data center, and cloud operations, and builds the most secure software to support home and community-based care.

The incumbent will partner with our cross-functional engineering teams to continually improve product security by incorporating security in all phases of the software development life cycle, and will develop and identify tools to support automation of the development and delivery (CI/CD) pipeline. Information Security team members are expected to work autonomously in the pursuit of keeping us secure and to demonstrate strong communication skills and the ability to work effectively both independently and as part of a larger, highly distributed team.

ESSENTIAL JOB FUNCTIONS

* Establish security best practices and processes for our mobile, on-premise and cloud-based platforms
* Provide expert knowledge and guidance to the product teams about security vulnerabilities and remediation controls
* Implement secure Software Security Development Lifecycle processes and software maturity model
* Perform architectural risk analysis and threat modeling, secure design and source code review
* Conduct security assessments, security testing and validation of vulnerability scan results
* Incorporate security tools/tasks to automate product development and deployment
* Establish a supply chain security process and ensure third-party software meets the standards
* Mentor and train development teams on secure coding standards and techniques

QUALIFICATIONS

Minimum Education, Experience & Training Equivalent to:

* A minimum of 7 years of experience, with 5 of those years focused on application security
* Degree in related field or an equivalent 5 years of work experience related to application or product security
* Demonstrated security experience with mobile (iOS and Android) platforms
* Experience with Cloud (AWS) Security
* Experience with multiple programming languages (Java, JavaScript, Go, Python, Ruby, Objective-C, C#, PHP), with hands-on coding experience in at least one scripting and one object-oriented programming language
* Fluent in security testing with SAST, DAST, IAST, fuzzing and penetration testing tools
* Solid experience with security tools like Checkmarx, Burp Suite, Nessus, QualysGuard, Metasploit, Netsparker
* Familiar with tools like Terraform, Packer, Vault, Consul, Git, Jenkins, CircleCI, Maven, Ant, Gradle, Nexus, SonarQube, Artifactory, Chef, Sumo Logic
* Experience with microservices, container deployment and service orchestration
* Demonstrated experience in developing, documenting and maintaining security applications/tools and procedures/standards
* Human Services or Healthcare industry experience is a plus
* AWS Certified Solutions Architect, or ability to pursue certification within 18-24 months of hire, preferred.
* Travel Requirement: <10% US only

Knowledge, Skills & Abilities:

* In-depth knowledge of web and mobile security vulnerabilities, attack vectors and mitigation techniques
* Good understanding of application security standards such as OWASP ASVS/Top 10 and CWE Top 25
* Knowledge of DevSecOps to maintain security in the CI/CD pipeline
* Strong knowledge of cryptography, API security, and secret management
* Ability to clearly and effectively communicate concerns and issues to management and engineers
* Advanced experience with AWS services such as CloudFormation, IAM Policies, EC2, Lambda, S3, Glacier, Multi-Region VPC, Route53, Security Groups, ALB/ELB/NLB, API Gateway, WAF, Shield, GuardDuty, KMS, CloudTrail, Config, CloudWatch, Kinesis preferred.
* Experience working with Quality, Compliance and documentation standards; working in audit situations, preferred.
* Sensitivity to working with an ethnically, linguistically, culturally, and economically diverse population.
* A commitment to the values of the organization while demonstrating good judgment, flexibility, patience and discretion when dealing with confidential and sensitive matters.
* Proficient in Microsoft Office (Outlook, Word, Excel, etc.), especially Excel and related computer software.
* Ability to consistently demonstrate good judgment and decision-making skills.
* Ability to maintain the highest levels of confidentiality.
* Ability to work in an exciting, fast-paced, high-energy environment while effectively multitasking.
* Personable; able to work comfortably with individuals at all levels within the organization.
* Ability to manage day-to-day responsibilities without supervision.
* Frequent proofreading and checking documents for accuracy.
* Excellent verbal and written communication skills.
* Must be highly detail-oriented.
* Strong interpersonal skills.

Physical Requirements:

* Must be able to communicate effectively within the work environment, and read and write using the primary language of the workplace.
* Visual and auditory ability to work with clients, staff and others in the workplace continuously.
* Frequent speaking and listening (25-75%) to clients, staff, and others in the workplace.
* Ability to utilize computer, cell phone (iPhone), fax machine, telephone and copy machine.
* Frequent sitting.

CONDITIONS OF EMPLOYMENT

* Ability to obtain and maintain criminal record clearance through the Department of Justice (DOJ). The People & Performance Department must analyze DOJ/FBI live scan reports in accordance with applicable Federal, State, and Local laws, as well as fitness for the position.
* Ability to obtain and maintain clearance through the Office of Inspector General.
* Must attend any ESBA required training.

About Us

Easterseals Bay Area (ESBA) is a leading provider of programs and services for individuals and their families affected by autism, developmental disabilities, and special needs. We are mission-driven and proud of our team members who work each day to ensure those affected by disabilities can live, learn, work, and play to their full potential. Our focus on clinical excellence includes a comprehensive clinical standards program that meets the rising demand for individualized and accessible behavioral health services. Our team - from client-facing practitioners to business and support staff - works together to take on autism and disabilities with an approach that benefits clients, their families, and the entire staff.

You would be a great fit at ESBA if you are interested in being part of an organization that has a consistent track record of high-quality clinical standards, rapid expansion, and a dynamic employment environment with exceptional opportunity for personal growth. We are accredited by the Commission on Accreditation of Rehabilitation Facilities (CARF) International. This three-year accreditation certifies that ESBA meets internationally recognized standards for high-quality services and is the highest level of recognition that CARF awards. The CARF surveyors noted that "the organization demonstrates a strong commitment to the clients [which is] clearly visible in the staff members' conscientious attention to detail and collaborative efforts."

Founded in 1927 in Northern California, Easterseals Bay Area is a 501(c)(3) non-profit organization and an affiliate of the Chicago-based Easterseals national organization, which was established in 1919 and works in communities across America. ESBA has nine offices located in the Bay Area.

Easterseals Bay Area is an equal opportunity employer.
