Sr. Application Security Engineer 
Research Triangle Park, NC

​Full Time position

Job Summary

SMART IT People has a full time Senior Application Security Engineer opportunity in Research Triangle Park, NC.

Our client, a Fortune 500 company, is seeking a Senior Application Security Engineer, reporting to the Director of Security Engineering and Innovation. The Senior Application Security Engineer will lead and implement an enterprise strategy on application security, and will partner with various technical teams to ensure this strategy is carried out. The Senior Application Security Engineer will also work closely with other security staff and represent the interests of the broader Information Security team to the rest of the enterprise.

Responsibilities and Duties

Partner with application development and other technical teams to perform security architecture reviews.
Conduct application security assessments and perform source code reviews in order to identify vulnerabilities; advise on mitigation solutions.
Articulate and highlight common threats and vulnerability vectors to application security, including denial of service, buffer overflows, and input validation.
Perform web application security testing using manual and automated tools (Burp Suite, etc.).
Act as a subject matter expert on Java and .NET security architecture.
Ensure security is being adhered to at each stage of the Software Development Lifecycle (SDLC).
Assess business requirements and use cases in order to facilitate the adoption of application security controls.
Develop secure coding standards and evangelize to appropriate technical staff.
Work closely with team members from Risk Management and Compliance in order to understand external compliance requirements.
Represent the interests of the broader Information Security team to other technical staff and business stakeholders.
Develop and share application security expertise within the broader Information Security team.
In partnership with the broader Information Security team, research and recommend emerging security technologies/tools to address current and future threats.
Provide guidance for security remediation to business and IT partners by conducting technical risk assessments (includes vulnerability assessment).
Participate in security incident handling and investigations as required.
Interact and manage vendors, outsourcers, and contractors regarding security products and services.
Manage and/or provide guidance to junior members of the team.

Qualifications and Skills

Minimum Required:

Minimum 5 years experience in information security.
Proven experience in application security, with some experience in developing web and mobile applications.
Comfortable with scripting (PowerShell, Python, etc.).
Familiarity with static code analysis platforms such as Veracode or HP Fortify.
Understanding and experience in securing OWAP Top 10 with substantial knowledge in mitigating XSS, SQL injection, and CSRF.
Strong understanding of the HTTP protocol
Proven experience with information security best practices.
Proven project management and organizational skills, specifically managing multiple, concurrent projects.
Strong interpersonal, written, and oral communication skills.
Highly self motivated and directed professional, with keen attention to detail.
Excellent analytical, problem-solving and decision-making abilities.
Able to effectively prioritize tasks in a high-pressure environment.
Strong customer service and solution-focused orientation.
Experience working in a team-oriented, collaborative environment.

Preferred Skills: 

Bachelor's or Master's Degree in Information Systems, Computer Science or related discipline is highly desired.
CISSP certification desired.
Prior contribution to the broader security community (research, CVE’s, etc.)
Experience with Node.js
Understanding of industry standards and compliance requirements related to information security and application security—especially ISO 27001, HIPAA, and PCI DSS.

Job Type: Full-time

To apply, please send your resume to: with job title in subject line.