We are committed to provide our Employees a stable work environment with equal opportunity for learning and personal growth. Creativity and innovation are encouraged for improving the effectiveness of Southwest Airlines. Above all, Employees will be provided the same concern, respect, and caring attitude within the organization that they are expected to share externally with every Southwest Customer.
The Application Security Engineer will be a part of the Cybersecurity Team focused on general application security, DevSecOps principles, and code quality. The Cybersecurity Team works with application development teams to ensure technology security and vulnerabilities are addressed and remediated throughout the system development life cycle (SDLC). As a senior member of the team, your focus will be building and maintaining relationships with different business units, influencing and injecting secure ideas into the roadmap, promoting best security practices, solving world-class security challenges, and pushing your engineering knowledge and expertise while continuously penetration testing our compute ecosystem.
* Conduct application security assessments and penetration tests (web, mobile, web service, etc.). These assessments involve manual testing and analysis as well as the use of automated application vulnerability scanning/testing tools and/or code review tools
* Perform threat models and risk assessments to characterize the risk and severity posture of large-scale commercial or in-house enterprise applications
* Experience programming and scripting and ability to develop or adapt custom tooling to solve new needs
* Experience performing baseline static/dynamic application security assessments (SAST/DAST) on new applications and changes to applications
* Experience Writing security assessments and application threat profile reports
* Working knowledge of industry and commonly adopted secure standards, practices (e.g. applicable NIST standards, CIS, ISO, OWASP, SANS, BISMM, and CERT)
* Effectively applies knowledge and skills of software development and testing to solve a range of problems.
* Partners with other Technology Teammembers to provide advice or solutions within his or her area of expertise.
* Keeps informed about current developments within his or her area of expertise.
* Track and research the latest developments in vulnerability research
* Strong understanding of vulnerabilities, common attack vectors and how to resolve them
* Attacker mindset: ability to think about creative threats and attack vectors
* Proactively identifies problems, performs root cause analysis, investigates information, performs impact analysis; formulates and executes plans to develop solutions.
* Identifies strengths and weaknesses of alternative solutions, conclusions, or approaches to problems.
* Understands and can estimate effort and value for solutions
* Understands at a broad level how technology platforms/architectures are applied to automated business solutions.
Systems Development Engineering:
* Facilitate or complete Analysis, design, and programming of viable solutions to high complexity business problems according to user specifications.
* Develop or approve detail program specifications.
* Partner with Enterprise Architecture to evaluate and recommend emerging technologies, and influence technical designs.
Testing / Deliverable Quality:
* Participate in system and acceptance testing.
* Ensure that systems are functionally appropriate, technically sound, and well integrated.
* Test and implement system and enhancements using techniques that preserve system integrity.
* Responsible for immediate response to production program issues.
* Sets up or follows established procedures and standards to ensure high quality and quantity of work.
* Understand dependency identification processes in technology work, verifies information and carefully reviews and checks the accuracy of own work.
* Establishes or follows prioritization processes to drive work and has a sense of urgency about getting work completed.
* Looks for and seizes opportunities to do more or to do things better.
* Analyze and resolve multiple complex problems without direction.
* Research and recommend alternative actions for problem resolution.
* Employ productivity aids in all aspects of assignments.
* Highly organized and self-directed.
* Maintain partnerships with application development teams, participate in corrective action plans for identified issues
* Articulate risk and business impact to stakeholders
* Provide on-the-job training and mentoring to other members of the team
* Appropriately shares ideas and information with others.
* Practices attentive and active listening.
* Ensures that regular and consistent communications take place.
* Expresses ideas clearly and concisely in writing.
* Expresses oneself clearly in conversation and interaction with others.
Must be able to meet any physical ability requirements listed on this description.
May perform other job duties as directed by Employee's Leaders.
BASIC QUALIFICATIONS: High School Diploma, GED or equivalent education required. Must be at least 18 years of age. Must have authorization to work in the United States as defined by the Immigration Reform Act of 1986.
* BS, Business, Engineering, Computer Science, or Information Systems, or equivalent formal training required.
* Minimum of 5 years work experience as a Software Engineer or equivalent role required.
* 5+ years in application penetration testing preferred
* Experience conducting application security assessment and penetration tests via Web, Mobile, Web Service, and others preferred
* Experience writing security assessment and application threat profile reports preferred.
* Certified Ethical Hacker (CEH) and/or GIAC Penetration Tester (GPEN) and/ or Certified Forensic Examiner (GCFE) preferred.
* May be asked on occasions to lift and/or pull weights loads of approx. 20 lbs. on a periodic basis.
* May require extended work hours per Leaders' request.
* May be asked to climb, bend, kneel, crawl, and stoop on a periodic basis.
* Advanced knowledge of software development methodologies, practices, concepts, and technologies obtained through formal training and / or work experience.
* Advanced knowledge of at least one required programming language.
* Excellent partnering, communication, and negotiation skills in working with various Technology or partner Teams.
* Able to analyze large, complex, and vague Business or technical problems, articulating the problem or root cause, and translating the analysis into viable solution recommendations.
* Able to work effectively in a strong Customer service / team oriented environment.
* Able to take on multiple assignments, whether administrative or project related, while maintaining a successful level of completion in all responsible work. Able to mentor others to do the same.
* Able to prioritize effectively.
* Able to develop, present and effectively communicate ideas and strategies to a variety of audiences.
About Southwest Airlines
Southwest Airlines Co. is a major U.S. airline and low-cost carrier.