Application Security Engineer
About the role
The Application Security Engineer plays a crucial role in ensuring the security and privacy of our company's applications and data. This role requires a deep understanding of security and privacy principles, as well as experience in application security and secure software development.
Responsibilities
- Conduct security assessments using SAST and DAST tools
- Collaborate with software development teams to integrate security into the SDLC
- Analyze security assessment results to identify vulnerabilities and provide guidance on remediation
- Design and implement secure software development practices, including threat modeling and secure coding standards
- Stay updated on security trends and technologies and recommend new controls
- Conduct application security investigations and provide recommendations to mitigate risks
- Maintain security documentation and provide subject matter expertise
Requirements
- Experience with OWASP, SAST, DAST, SCA, RASP and common security tools
- Strong understanding of web application security and common attack vectors
- Proven experience in diagnosing, isolating, and resolving complex issues
- Experience with systems integration processes, methodology, and tools
- Development and scripting experience, especially with .NET
- Experience with API and Web Security
- Experience with WAF or similar application security infrastructure
- Experience integrating security in CI/CD, DevOps
- Experience with Azure Devops, Terraform or other automation and integration technologies
- Experience with risk management, vulnerability prioritization, and threat modeling
Qualifications
- Bachelor's degree in computer science, information security, or a related field
- Seven (7) years or more experience in application security, security engineering, software development, or a related field
- Five (5) years or more experience with secure coding practices, threat modeling, and secure SDLC methodologies
- Five (5) years or more experience with diagnosing, isolating, and resolving complex issues
- Five (5) years or more experience with systems integration processes, methodology, and tools
- Five (5) years or more experience with development and scripting, especially with .NET
- Five (5) years or more experience with API and Web Security
- Three (3) years or more experience with WAF or similar application security infrastructure
- Six (6) years or more experience in process or operation management
- Six (6) years or more experience with Value Stream Mapping, Continuous Flow, Pull Replenishment, and other process improvement techniques
Skills
- Excellent communication skills, both verbal and written
- Ability to work independently and as part of a team
- Flexibility to operate in a fast-paced environment
- Multi-tasking and excellent time management skills
- Proficiency in at least one programming language (e.g. Python, .NET, Javascript)
- Proficiency in at least one common scripting language (e.g. PowerShell, bash, etc.)
- Familiarity with NIST framework, PCI, ISO 27001, SOC, SOX, CCPA, GDPR and global regulations
- Experience with CI/CD, Azure Devops, Terraform or other automation and integration technologies
- Experience with risk management, vulnerability prioritization, and threat modeling
Benefits
Ryder offers comprehensive health and welfare benefits, including medical, prescription, dental, vision, life insurance, and disability insurance options, as well as paid time off. Additionally, there is an opportunity for an annual bonus, commission, and/or long-term incentive plan based on the level and type of the position. Ryder is committed to providing a fair and competitive compensation range for this role, with a minimum of $110,000.00 and a maximum of $130,000.00 annually.
Pay
The compensation offered to a candidate may be influenced by a variety of factors, including the candidate’s relevant experience, education, including relevant degrees or certifications, work location, market data/ranges, internal equity, internal salary ranges, etc. The position may also be eligible to receive an annual bonus, commission, and/or long-term incentive plan based on the level and/or type.
Schedule
The schedule for this position is typically full-time, but may vary based on the specific needs of the department.