As an Application Engineer embedded within our Agile development teams, you will play a crucial role in ensuring the security and integrity of our applications, systems, and data. While working closely with cross-functional Agile teams, you will report directly to the Information Security Application Security Team to act as a liaison and subject matter expert aligning efforts across the broader security strategy.
Responsibilities:Partner with enterprise and solutions architects, software engineers, product owners, DBAs and QA engineers to ensure adequate security is in place throughout the SDLC.Collaborate with Agile teams throughout the software development lifecycle to integrate security requirements, perform risk assessments, and address security issues.Provide guidance and support to Agile teams on secure coding principles, security frameworks, and OWASP Top 10 vulnerabilities.Conduct threat modeling exercises with Agile teams to identify potential security threats and recommend appropriate mitigation strategies.Plan, coordinate, and execute security testing activities, including penetration testing, vulnerability scanning, and security assessments. (Experience with Dynamic Application Testing)Assist in incident response activities related to application security incidents and contribute to post-incident reviews to improve security measures.Promote security awareness within Agile teams by organizing workshops, training sessions, and providing timely security updates.Maintain accurate and up-to-date security documentation, including security guidelines, standards, and procedures, to ensure compliance with industry regulations.Continuously monitor and assess the security posture of applications, propose enhancements, and drive the implementation of security improvements.Identify and communicate potential security risks and vulnerabilities to the Information Security Application Security Team, helping in the formulation of risk management strategies.Foster a collaborative and productive working relationship with Agile teams, sharing knowledge and best practices to improve overall security awareness and practices.Evaluate and recommend security tools, solutions, and technologies that align with the organization's security goals.Requirements:Fluent English1+ years of experience in a software development role such as Software Developer, Architect, Software Quality Assurance, or Application Security Engineer with a good understanding of application security.Knowledge of web application (SaaS) design best practices and secure software development.Familiarity with relevant security standards, regulations, and frameworks (e.g., OWASP, NIST, ISO 27001).Experience with SOAP and REST APIs.1+ years of experience completing application security testing engagements and reports.Solid knowledge of common web application security vulnerabilities, secure coding principles, and secure development frameworks.Demonstrated ability to work collaboratively within a team and across departments to achieve common security goals.Strong problem-solving skills and the ability to think critically under pressure.Self-motivated, proactive, and able to work independently with minimal supervision.
Preferred:Bachelor's degree in Computer Science, Information Security, or a related field. Relevant certifications (e.g., CISSP, CISM, CSSLP) are a plus.Experience with security testing tools and techniques (e.g., SAST, DAST, IAST) to identify and remediate security issues.Strong understanding of Agile software development methodologies and experience working closely with Agile development teams.Strong knowledge of .NET 4.0+ and Core, MVC 4/5, and Entity Framework.Excellent communication and interpersonal skills, with the ability to convey complex security concepts to technical and non-technical stakeholders.Knowledge of DevSecOps practices and experience with CI/CD pipelines is desirable.NTD Software is an equal opportunity employer. We do not discriminate on the basis of age, race, color, religion or religious creed, sexual orientation, gender, gender identity, marital status, family or parental status, disability, military or veteran status, age, or any other basis protected by law. All employment decisions at NTD Software are based on a person’s merit, business needs, and role requirements.
