Senior Application Security Engineer

The Sherwin-Williams Company - Cleveland, Ohio

The Senior Application Security Engineer position is responsible for the analysis, creation, development, implementation, and education of secure coding practices. This role provides technical consulting to management, business users, and technical associates to assure that applications are secure.

Essential Functions

Strategy & Planning

  • Acquire and interpret business requirements and functional specifications to recommend security requirements.
  • Maintain knowledge of best security practices through training, research, and involvement with local IT security groups.
  • Work with development and QA teams to ensure the use of secure coding practices and verification methods.
  • Review and submit technical and security improvement recommendations as a member of the technical leadership team.
     

Acquisition & Deployment

  • Work with architects and developers to design optimal security practices when developing new application functionality.
  • Identify and help application developers remediate potential security flaws.
  • Mitigate security risks associated with projects that have a high technical complexity and/or involve significant challenges to the business.

Operational Management

  • Provide support for critical web application problems and issues.
  • Act as a Subject Matter Expert in the discovery and investigation of critical security vulnerabilities as required.
  • Train and teach the development staff.
  • Ensure new system builds are hardened and appropriate security packages, tools, logging and monitoring applications are configured properly.

Incidental Functions

  • Conduct research into new technologies, including tools, components, and frameworks.
  • Train and knowledge share with development teams.
  • Mentor and coach developers and/or Professional Apprentices.
  • Project and task management and reporting as necessary.
  • Make presentations to management, clients, and peer groups as requested.
  • Provide tier two, on-call support for critical web application problems and issues.
  • Analyze performance of programs and take action to correct deficiencies based on consultation with clients and approval of supervisor.
  • Participate in hiring activities and fulfilling affirmative action obligations and ensuring compliance with the equal employment opportunity policy.
  • Minimal travel as required.
  • Work outside the standard office 7.5-hour workday as required.

Position Requirements

Formal Education & Certification

  • Bachelor's degree or foreign equivalent in related field or equivalent experience.

Knowledge & Experience

  • 5 years of IT experience.
  • 3 years of experience working on all phases of the Software Development Lifecycle.
  • 3 years of web application development experience, such as Java, .NET or PHP (Java preferred).
  • Familiar with Web Services and SOA (Service Oriented Architecture).
  • Ability to interact with development teams and help them understand vulnerability remediation.
  • Expertise in performing manual penetration testing.
  • Hands-on experience with dynamic or static scanners, such as Qualys, Veracode, or HP WebInspect.
  • Experience with penetration assessment of web or non-web applications.
  • Experience with OWASP, security code review, threat modeling, or application penetration assessment.
  • Experience with source control environments such as Git.
     

Personal Attributes

  • Advanced analytical, conceptual, and problem-solving abilities.
  • Strong written and oral communication skills.
  • Proven ability and initiative to learn and research new concepts, ideas, and technologies quickly.
  • Ability to work in a team-oriented, collaborative environment.
  • Ability to translate an idea or need into a completed solution or work product.
 
Equal Opportunity Employer. All qualified applicants will receive consideration for employment and will not be discriminated against based on race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, disability, age, pregnancy, genetic information or any other consideration prohibited by law or contract.
 
VEVRAA Federal Contractor requesting appropriate employment service delivery systems, such as state workforce agencies and local employment delivery systems, to provide priority referrals of protected veterans.
 

Posted: 30+ days ago

About The Sherwin-Williams Company


The year 2016 is a unique moment in the history of Sherwin-Williams — it’s our 150th anniversary. We are proud to honor our founders Henry Sherwin and Edward Williams, and the thousands of men and women who have shaped our company since 1866...
