Application Security Engineer III

Company:
GEOGRAPHIC SOLUTIONS INC
Location:
Palm Harbor, FL, 34684
Posted:
May 14, 2025

Description:

Job Summary: Assist the Chief Information Security Officer in leading and managing the Information in accordance with organizational policies and goals. The candidate will assist the Chief Information Security Officer and the Application Security Team Lead in processing documentation, facilitation, remediation planning, risk management, and systems implementation coordination to meet the audit, control, and compliance requirements.

The Application Security Engineer III will be responsible for identifying and reporting all security issues, prioritizing threats, and confirming threats have been mitigated in accordance with company standards. The Application Security Engineer III will be a resource of experience and best practices for the Information Security Team.

Viable candidates must be willing to work onsite at GSI's headquarters in Palm Harbor, Florida daily.

Key Responsibilities:

Proficiency in configuration, optimization, and utilization of information security tools such as CrowdStrike or similar EDR, Cisco FTD, Palo Alto, Qualys, HP Fortify, Nessus, Kismet, Airsnort, Nmap, Wireshark, WebInspect, Snort, Security Onion, Nikto, Burp Suite, Kali Linux, and other web application penetration testing tools

Sound understanding of manual techniques to exploit vulnerabilities in the Open Web Application Security Project (OWASP) Top 10, including but not limited to cross-site scripting, SQL injections, session hijacking, and buffer overflows, to obtain controlled access to target systems

Attack and Penetration experience in testing of Internet infrastructure and Web-based applications utilizing manual and automated tools

Architect and design new tools, including SOPs and diagrams, for the SecOps team and the Security and Network Operations team

Proficiency in static and dynamic scanning methodologies

Expert ability to perform network traffic forensic analysis, utilizing packet capturing software, to isolate malicious network behavior, inappropriate network use or identification of insecure network protocols

Ability to perform general inspection and implement preventative measures on intrusion detection systems

Assist in managing multiple competing priorities in a fast-paced SaaS environment

Assist in managing third-party security services, application vendors, evaluate new vendors and services

Requirements:

Work Experience / Knowledge:

Knowledge of Industry Standards, e.g., ISO 17799/27001, FISMA/FedRAMP, NIST Publications, and other Industry Related Security Standards

Knowledge of Industry Regulations, e.g., Gramm-Leach-Bliley Act (GLBA), Payment Card Industry (PCI) or Corporate Compliance

Hands-on working experience with Microsoft SQL Server 2012/2016/2019

Strong working knowledge of agile and waterfall software development lifecycle methodologies

Experience reviewing or auditing IT general controls, network infrastructure, information security, SDLC, web server, database server, operating systems, and/or software applications to ensure compliance is maintained

Experience in the implementation and management of both offensive and defensive security technologies in conjunction with commercial and federal information security compliance initiatives

Active participation in Enterprise-level Risk Assessment and Business Impact Analysis

Active participation in disaster recovery and business continuity planning and execution

Consulting experience in Information Security

Hands-on working experience with Windows Server 2012/2016/2019

Experience in TCP/IP Networking

Knowledge of Industry Standards, e.g., ISO 17799/27001, NIST Publications, and other industry-related security standards

Work with internal and external resources on performing and reporting the annual penetration testing, to include complete white-hat testing; must provide a detailed report and recommendations for improvements and remediation where applicable

Work with internal and external stakeholders to assess security requirements, and approve/modify designs as needed

Ensure vulnerabilities are mitigated in a timely fashion in accordance with the applicable compliance requirements

Support incident responses for all security-related issues 24/7

Qualifications / Certifications:

5 or more years of experience in one or more of the following Database Environments: Microsoft SQL Server, Oracle, Sybase, DB2, and MySQL

CISSP, CISM, OSCP, CEH and/or Security+/Network+ Certifications

5 or more years' hands-on experience in one or more of the following Operating Systems: Windows Server 2008/2012/2016/2019, Linux and UNIX

5 years' practical experience in TCP/IP Networking

5 years' experience with managing small tactical teams

5 years or more experience with private or public cloud security

2 or more years designing, architecting and engineering security solutions.

Special Requirements:

May also be assigned various projects and tasks as needed

Hours: Day shift. Evening and weekend hours may be required

Equal Opportunity Employer. M/F/D/V

Full-time
