Kforce Application Security Engineer in Hollywood, Florida

Kforce has a client seeking an Application Security Engineer in Hollywood, Florida (FL).

Responsibilities:

  • Develop and evangelize secure programming standards

  • Provide guidance to the development and applications teams to proactively address security concerns and ensure that application security architecture, designs, and plans are aligned with information security standards and controls

  • Define and coordinate security requirements within various stages of the system development lifecycle process

  • Validate and address vulnerability / threat findings from static analysis tools

  • Coordinate, schedule and perform routine internal application, network, system and infrastructure penetration testing

  • Perform security reviews of software designs and assist developers to ensure quality and robustness of our internal products

  • Perform overall design review, including protocol checks for security issues

  • Examine communications protocols and data storage mechanisms for security risks

  • Validate, address and document responses to security findings from third-party penetration testing engagements

  • Perform code reviews, application vulnerability testing and penetration testing

  • Conduct security assessments against web applications and APIs across a variety of technology stacks

  • Ensure adequate security requirements and privacy by design are built into all architecture / infrastructure / projects

  • Perform other security team relevant duties and responsibilities as assigned

  • Willing to guide and mentor fellow team members

  • Write code and documentation

  • Bachelor's degree preferred in Computer Sciences, Information Technology, Information Security or another related field

  • At least one industry standard certification such as Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified Fraud Examiner (CFE), or SANS GIAC Certifications such as GWAPT, GPEN, GCIA, GWEB, GSSP

  • Five (5) years of related work experience, which includes two (2) years of practical experience in security incident management and response and two (2) years of practical experience in threat modeling, penetration testing and / or secure application development

  • Experience with an interpreted programming language (PHP, Python, Perl, Ruby, Java, Node.js, JavaScript, etc.)

  • Direct experience with secure application development and application security risk mitigation techniques

  • Knowledge of OAuth / OpenID Connect and JSON Web Token (JWT) highly desired

  • Knowledge of web application attacks and defense strategies including those found in the OWASP Top 10 and mobile Top 10

  • Passionate about Application Security with any combination of the following: secure coding, experience securing platform web APIs, code debugging, software development, system administration and network security, penetration testing (app and network), implementation of secure application architectures, cryptography and key management, authentication and control of application permissions

  • Have an understanding of OS concepts such as scheduling, interrupt handling, virtualization of computing resources

  • Demonstrate an understanding of programming and scripting skills

Kforce is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, pregnancy, sexual orientation, gender identity, national origin, age, protected veteran status, or disability status.