Role: Application Security Engineer
Location: Okemos, MI or Farmington Hills, MI
Hybrid model from day one of the assignment, must work two days in the Michigan office per week
Duration: Long term
Rate: Market

Expected Joining Time: Targeting interviews for the week of September 11th. Single video interview, one qualified candidate interviewed will have an offer extended. Join 2 Weeks after offer.
Need Photo ID / LinkedIn Link

Job Summary:

• Analyze and lead software designs and implementations from a security perspective, identify, and resolve security issues through the utilization of manual and automated testing.
• Provide appropriate security analysis, defenses, and countermeasures, at each phase of the software development lifecycle to result in robust and reliable software in alignment with information security best practices.

Primary Job Responsibilities:

• Develops and maintains technical solutions for the ongoing improvement of Application security, as well as automating and orchestrating repetitive or manual tasks and promoting self-service.
• Keeps current on emerging technologies, open system standards, and management technologies as they relate to the support of our business needs.
• Leads operational tasks and responds to urgent requests when necessary, as well as participating in annual disaster recovery exercises and plan updates.
• Creates knowledge base articles and ensures they are kept up-to-date and provides operational training to partners and team members in accordance to industry standards.
• Leads safe and detailed security testing on applications, computers systems, and networks that are external or internal facing using manual tests and automated tools (such as: code scanning tools (dynamic/static), manual exploit testing scripts, manual application logic crawling).
• Demonstrates to technology and system owners how to exploit found vulnerabilities (break into) on applications and systems when they are identified to aid teams in understanding and remediating.
• Assists in defining and maintaining a well-rounded application security assessment program.
• Assist and support Senior Engineers and Architects with projects and defined deliverables.
• Work with internal infrastructure and platform teams to advise on risk reduction and facilitate remediation work to ensure application code is free of vulnerabilities.

Minimum Qualifications:

• Position requires a bachelor's degree in information technology or a related field and five years' experience in information security or application development.
• CISSP is preferred.
• An Application Security certifications such as OSCP, GPEN, or GWEB is preferred. Will accept any suitable combination of education, training, or experience.

Nice to have:

• Experience/Exposure to Aqua Security, Rapid7 Insight AppSec, Okta, Bitbucket,
• Experience with OAUTH and OIDC
• Experience with Kali testing tools
• Familiarity with Weblogic, Oracle database, and PostgreSQL

Must Have:

• API Testing through the use of BurpSuite (or similar), Static Code Analysis, and Dynamic Code Analysis
• Experience with one or more programming languages such as Java, Python, or PowerShell
• Experience/Exposure to Get, BitBucket, Artifactory, Jenkins, or similar