Application Security Engineer
Millennium’s Information Security Team is looking to recruit an experienced Application Security Engineer to safeguard our applications from existing and emerging security threats. In this role, your primary task will be to work closely with our software engineering teams to design and implement security controls. You'll bring a blend of software engineering expertise and an understanding of data and Information Security.
Responsibilities:
1. Engage in the entire application lifecycle, focusing on coding and debugging.
2. Collaborate with our internal teams to identify and fix security issues in our applications, as well as recommending best practices for secure deployment.
3. Conduct penetration testing, code reviews, and design/architecture reviews to assess application vulnerabilities.
4. Participate in risk management activities, including application risk assessments and risk treatment/mitigation strategies.
5. Design and implement robust security architectures for any IT projects.
6. Provide expertise on encryption, security controls, and secure programming.
7. Develop and deliver training materials for the Software Engineering team related to secure coding practices and policies.
8. Develop and implement security standards, procedures, and guidelines for multiple platforms and diverse system environments.
Qualifications/Skills:
1. Bachelor's degree or higher in Computer Science, Computer Engineering, IT Security or related field.
2. 5+ years’ experience working as an Application Security Engineer, Software Engineer, or similar role.
3. Demonstrated work experience in Public Cloud environments (AWS/GCP/Azure).
4. Strong understanding of security architectures, secure configuration principles/coding practices, cryptography fundamentals and encryption protocols.
5. Experience with common SCM & CI/CD technologies like GitHub, Jenkins, Artifactory, etc. and integrating Security Scanning and Vulnerability Management into the CI/CD Pipelines.
6. Familiarity with static and dynamic security analysis tools, and SCA/SBOM solutions.
7. Hands-on experience with Secrets Management & Password Vault technologies such as Delinea Secret Server and/or HashiCorp Vault, etc.
8. Experience in secure programming in languages such as Python, Java, C++, C#, or similar.
9. Familiarity with Infrastructure as Code tools (CloudFormation, Terraform, Ansible, etc.).
10. Familiarity with web application security testing tools and methodologies.
11. Knowledge of various security frameworks and standards such as ISO 27001, NIST, OWASP, etc.
12. Knowledge of Linux, OS internals and containers is a plus.
13. Certifications like CISSP, CISM, CompTIA Security+, or CEH are advantageous.